On Thu, 5 Feb 2015 20:44:35 +0000 (UTC) "L.R. d S." <[email protected]> wrote:
> >Why do you think buying a used device might > >make trust even less? Do you really trust the vendor/shipper? > > And why should we trust on Gluglug, for example? This is irrational, > since x60/T60 is out of production. Also, we shouldn't "trust" it, we > should -know- this is working correctly. It really depends on your threat model and so on. The ideal thing would be not to have to trust Gluglug, because it's somehow a single point of failure. Still we may able to verify the hardware and software. * For coreboot, we can dump it, but I guess there is no reproducible build procedure in place. So it's wroth trying to see if that can be done. * For the distro, the packages are signed by Trisquel, which itself isn't reproducible yet. * For the hardware it could be inspected. * For the code in the other chips(like ec, hdd controller inside the hdd and so on, I wonder how to check for that). I also wonder about the best way to publish such test results. Having such procedure in place would also directly benefit Gluglug, since it would put less pressure on them to do things right. That is to say, the coercion attempts probability are way higher when there is no procedure in place to prevent them. > >The MacBook Air comes with a keyboard/trackpoint controller that can > >easily transformed into a keylogger (as many other devices, too). > > Every supported libreboot laptop have this same problem, they all > have blobs on Embedded Controller. Yes, indeed, that could be fixed if someone liberates that: -> There is a toolchain and some example code for older Thinkpad EC on the Thinkpad wiki. Any recent gcc for the correct architecture should probably work. I've not looked enough at the code and so on to be able to understand how to flash the EC. -> Google has a free software "OS" for the chromebooks EC, and this is supported inside the mainline Linux kernel. > I think the correct point here is ask if libreboot supported laptops > run microcode. Acording to GNUtool here [1] the x60 still running > microcode even removing it on bios. On coreboot, yes. Not on libreboot. That's also the point of libreboot. Denis.
pgpDMpHMlPc2i.pgp
Description: OpenPGP digital signature
