On 03/16/2018 11:52 AM, 'awokd' via qubes-devel wrote:

On Fri, March 16, 2018 2:50 pm, [email protected] wrote:

As always I suggest encouraging the xen developers to accept help (from
raptor and IBM) to port xen to POWER
When I felt them out on it, I got the impression they were welcoming help
from anybody on porting Xen to POWER.
https://www.mail-archive.com/[email protected]/msg08625.html
Timothy Pearson from raptor said otherwise :[ that the devs didn't accept the support advances from raptor and IBM. If you want I can email you the TALOS 2 IRC chatlog - it is massive so it must be sent as an attachment.

I would say one of the main issues now is people not buying the TALOS 2 because they couldn't use qubes, kind of chicken and egg problem - to which I reply that if no one buys the T2 it will be the end of owner controlled high performance computing and eventually the end of owner controlled computing in general even being able to run your own apps or unsigned apps will be prohibited in wintel's vision of the future. Whereas if people buy a TALOS 2 there are plans for a TALOS bricktop (similar to how laptops were in the mid 90's) and eventually a normal mobile workstation style POWER laptop in addition to the TALOS 3.

I encourage everyone to purchase it anyway and make do with POWER-KVM/QEMU which still enables you to create a very capable (and fast) virtualization setup, you would have much better security with that than with qubes running on a ME/PSP computer or an old post-support x86 device.

The TALOS 2 board/cpu costs less than an intel xeon setup with equivalent performance and features and is about the same price as two KGPE-D16 boards with new dual processors (the last and best owner controlled x86 board)

I will be getting one and using it for a qubes style virtualization setup when I get a decent job.
Everyone's too busy now, but is there a long-term/blue-sky vision of Qubes
on non-x86 architectures, whether ARM, POWER or some other? Is that where
Qubes Air comes in? Staying true to the concept of isolating data from
exploited hardware seems to only be getting more difficult on x86. I've
read through some of the discussions on here about ARM, but (open)POWER
products are still pretty new.

From Qubes' perspective, which arch. would make the most sense to pursue
long-term?

POWER is the only performance owner controlled arch and the only one that makes sense as it has an OEM that is becoming more open rather than less open and they actually listen to what the customers and vendors want, raptor engineering (makers of TALOS 2 and various coreboot stuff) managed to convince IBM to open source a variety of things beyond what they were already doing.

Hilarious that IBM of all companies is the one to save computing freedom :0

https://www.mail-archive.com/[email protected]/msg08801.html
"That's indeed an issue. There are ARM64 SoCs which are very capable and could easily match or even outperform commodity Intel desktop hardware, but no-one offers them in a desktop or workstation package. I guess the seemingly dwindling desktop market is not very attractive to vendors." Gigabyte sells the MP30, an AppliedMicro ARM CPU device server/workstation board - 16 cores that compare to a sandy bridge device no idea if it has ARM's IOMMU equivalent however (the GIC V3)

On 03/16/2018 01:49 PM, Yuraeitha wrote:

For example, the unwanted spyware second cpu blobs could be put in the phone's 
equivalent to pc's sys-net, behind a sys-firewall.
That is impossible - at least I don't know of any phone SoC's don't have IOMMU's let alone one in common use. Btw by default the linux kernel restricts DMA if an IOMMU is present so you don't really need sys-net what that does is prevent errors in the networking code/drivers from being able to exploit the main system - its purpose isn't to prevent DMA exploits. AFAIK the baseband is equivalent to an Intel ME/AMD PSP type system in that it always has access to the main memory, cpu and peripherals.

As of now I would go with a replicant compatible phone such as the galaxy S3 which supports open source firmware for the baseband (phone ME slash modem) which negates almost all concerns that would require a sys-net.

Android can limit application capabilities so I really don't think this is needed at all especially when compared with urgent things like POWER.
By all appearances we're moving towards an age where laptops one day not too 
far into the future will stop to exist altogether in favor of smartphone acting 
as a laptop, and instead connect to a bigger screen/keyboard/mouse with the 
smartphone. It'd be extremely interesting if this would one day be possible to 
do with Qubes.
It won't as they will use hardware code signing enforcement to deny you your own OS. Intel ME/AMD PSP is only the beginning of the gradual revoking of computing rights, one day you will only be allowed to run windows and install approved apps from the windows store - microsoft is already planning this - unless you pay for a "developer" PC.

How does intel/amd expect people to learn how to program firmware for x86 without selling owner controlled machines that have or at least support libre firmware? who knows.
Smartphones are catching up too, at some point soon normal user wouldn't need 
all that computing power that can be put into phones, and for some users that's 
already the case now.

Qubes OS also seems more immune to failure here unlike Oracle's Ubuntu phone 
failure, and the many others out there that failed. I mean, if small work can 
be done here and there, some day we might not need much to start installing 
Qubes on smartphones. Having the ability to shutoff microphone/camera/gps when 
not used is also extremely ideal, at the very least pulling it from android 
when not used (the second cpu spyware chip might be harder to block though).

@[email protected]
I can work with that, I'll call it BIOS instead on-wards.
Yay :D it's also why I say "IOMMU" instead of "VT-d" many lazy/uninformed people think that it is an intel-only technology and have no idea that all other modern CPUs can have it including POWER (POWER-IOMMU) and ARM (GIC V3)
