Hi everyone,

As those of you who've read Joanna's paper "Intel x86 Considered Harmful" are well aware, the Intel ME and other closed-source firmware pose a threat to trustworthy computing. We can do all the awesome hypervisor and isolation stuff we want (e.g. Qubes OS), but this doesn't help when the firmware is evil (and closed-source firmware should probably be assumed to be evil). x86 is not likely to improve much on this front (although Trammel Hudson's recent work is pretty cool), which means we should seriously be looking into alternative architectures.

POWER8 is probably the best contender for a serious alternative to x86. As you may have heard, Raptor Engineering is doing a crowdfund campaign on Crowd Supply to produce the Talos Secure Workstation, a POWER8 desktop/workstation with fully libre firmware that is comparable in performance to current Intel hardware. In addition, most of the mainboard logic is implemented using FPGAs with libre bitstreams and libre toolchains instead of ASICs, which adds to the auditability and control by the user.

Features particularly of interest to people who use Qubes include HVM, IOMMU, and TPM, as well as some very interesting engineering relating to preventing evil maid attacks. Raptor has done an excellent writeup of the latter; see the following links:

https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation/updates/talos-fpga-functions-and-responsibilities-part-1

https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation/updates/talos-fpga-functions-and-responsibilities-part-2

(People who enjoy reading Joanna's technical writeups are likely to enjoy the above Raptor writeups too.)

And of course, as a workstation-class machine, Talos supports plenty of RAM for running lots of VMs simultaneously, as Qubes users tend to do.

Raptor Engineering already has a solid track record of Coreboot and Libreboot development (among other relevant areas of expertise), so unlike most of the projects that have done crowdfunding in this space, Raptor has an understanding of the tasks involved and is likely to actually deliver.

Fedora and Debian already support POWER8, so the Qubes dom0 and AppVM components shouldn't be hard to port. Xen does not support POWER8 at the moment, so Qubes won't run on Talos when the Talos ships. However, there is interest in adding POWER8 support to Xen, and POWER8 support for Xen is much more likely to happen, and much faster, if Talos meets their funding goal.

Yes, the price for a Talos is sadly quite high. Note that it is much more powerful than most consumer PCs (e.g. the low-end "Desktop Edition" comes with 128 GiB of RAM), and that small production runs are naturally more expensive. If they meet their funding goal, it is likely that price decreases will happen later in the product lifecycle, as well as producing a new version based on POWER9.

If you're in a financial position to order a mainboard (or a complete system), please support them. For the far greater number of you who are not (I definitely can't afford a mainboard), please consider the $250 SSH option, and if you can't do that, please consider donating $10. If you have friends who understand that closed firmware is a threat, tell them about Talos. If you have friends who ideologically are aligned (e.g. who support privacy rights) but who aren't aware of the technical concerns about x86 and closed firmware, explain the issue to them. There are industry players watching to see how this campaign goes and how diverse the support is; every $10 donation is a vote that signals "We want this to happen." $10 really does make a difference here.

The crowdfund campaign ends in 29 days on Jan 14.

You can support them here:

https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation

Cheers,
-Jeremy Rand
