On 20.01.2018 20:16, taii...@gmx.com wrote:
On 01/20/2018 02:08 PM, Davidson wrote:
I just forgot. I noticed that some places (librem I think, and
are selling computers with ME (partially) disabled on their intel
procs, does anyone know about either buying just procs or mobo/proc
combos with (partially) disabled intel ME procs?
Purism is a scam, ME can't be disabled.
Please note their "coreboot" is simply a shim loader layer, the
hardware init is done by the intel FSP binary blob moving the trust
layer from the vendor+intel to just intel which I argue is not a real
improvement to justify the high price of their devices.
Google tried to get intel to free ME, if they can't do it then no one
System76, Purism etc are all using me_cleaner a tool which they didn't
develop so you can buy pretty much any laptop and get the same results
if ME is your only concern although considering the massive security
problems with intel CPU's now I wouldn't buy one.
My laptop recommendation as always is a lenovo G505S, no ME/PSP and
coreboot with open source cpu/ram init (blobs for video/power, but are
removable due to no hardware code signing enforcement unlike intel or
new amd stuff). It works with Qubes 4.0.
For a desktop/workstation I recommend the libre firmware available
KCMA-D8/KGPE-D16 (coreboot with entirely open source hardware init)
they also feature OpenBMC for libre remote management.
As I understood it, its not *totally* disabled but is *partially*
disabled (like the TCP/IP stack).
Anyway. Your KGPE-D16 suggestion is interesting (thx!), and that mobo+ a
12core 2014 opteron seems like it would be fairly speedy? Certainly
compared to my old i3/8gb tower. This may sound silly but in the VM
context, would a 12 core processor be excessive or would it be "fully
utilized" by Qubes?
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to firstname.lastname@example.org.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.