Re: [coreboot] Server systems shipped with coreboot

[Sam Kuper]

On 23/03/2018, Thierry Laurion  wrote:
> If ... ME is disabled with its modules erased, could
> the maker pursue the seller for having made those modifications?

Interesting question. ThinkPenguin seems to be willing to take that
risk, but hedges it by voiding the warranty:

"Backdoors in modern computing devices are unfortunately a certainty
today and while we can't be sure of a fix here it is possible to
partially disable one component believed to be a problem. This option
does have side-effects and will void any return." [1]

(AFAICT, that laptop has the ME "disabled" if the buyer wishes, but it
does not ship with Coreboot or Libreboot.)

[1] https://www.thinkpenguin.com/gnu-linux/penguin-z-gnulinux-laptop

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[awokd via coreboot]

On Sun, March 25, 2018 3:21 pm, thierry.laur...@gmail.com wrote:
> On 03/23/2018 05:22 PM, taii...@gmx.com wrote:
>
>> Please also keep in mind that it is impossible to disable ME.
>>
> That is not a binary yes/no fact.
>
>
> Depending of the ME version, it is possible to deactivate it.
> The following x230 is not a server, but an example for older ME versions.
>
>
> The resulting ME is 98304 bytes, containing the ROMP and BUP modules
> only. The booting system complains about ME, tries to initialize it for 3
> seconds and then gives up.
>
> I know that the story is different for newer versions of ME/Servers. But
> that statement of saying that disabling ME is impossible is not empowering
> at all and not completely true.

Might just be a matter of semantics. Can you say ME is completely
"disabled" or "deactivated", even on older systems, if the system requires
ROMP and BUP to function? Have those 98304 bytes of code been analyzed for
weaknesses/obfuscation? (Don't actually know the answer to this one
although I know there has been some progress like
https://mobile.twitter.com/rootkovska/status/938458875522666497).

How about a phrase like "ME can be deactivated after initialization"- I
think that evaluates to true for everyone without getting into secret
opcodes/silicon. Like you said, probably can't be distilled down into a
single +/- word without losing context.


-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Thierry Laurion]

Le dim. 25 mars 2018 14:08, taii...@gmx.com  a écrit :

> On 03/25/2018 11:12 AM, thierry.laur...@gmail.com wrote:
>
> > For the KGPE-D16, an integration effort was made in Heads to support
> > such board.
> >
> > https://github.com/osresearch/heads/issues/134
> >
> >   * OpenBMC support merged into coreboot so the server can boot
> >   * Flashrom support to flash OpenBMC directly from within Heads
> >   * Flashrom support to reflash Heads internally
> >   * Multiboot support, QubesOS support
> >
> > Thanks Timothy for all the great work that was accomplished on that
> > board in the past years.
> >
> >
> > TPM2 integration is still missing though. Don't hesitate to collaborate
> > onto  heads to integrate VBOOT changes. 16Mb of SPI flash is more then
> > enough to support it.
> >
> > Talos II cannot actually fulfill most of the threat models that the
> > KGPE-D16 can with Heads + QubesOS combined.
> The TALOS 2 has libre firmware, POWER-KVM, POWER-IOMMU and *it isn't a
> dead platform* - it is definitely worth a purchase.
> There isn't a POWER-qubes or a POWER-heads because no one has POWER
> computers and because there aren't those and "you can just get a *some
> x86 machine*" then not many will buy one and it will be the end of
> freedom computing...


> The facts are that x86_64 is a dead platform and there will never again
> be another owner controlled x86_64 device. - people need to understand
> that

True. Reluctance to change is another terrain reality though.

> and realize that things like qubes for POWER is a catch-22
> situation that will never be solved unless people have POWER machines
> and use them for their other virtualization needs until then.
>
That's a geeky path and unfortunately not accessible for a lot of use cases
and threat models. Even Qubes is still geeky for the masses. Getting easier
to use, true. But teaching to whom needs it the most is already a big
challenge in itself.

What I mean here is that cooperation should be the path taken. The
virtualization abstraction layer in Qubes is there, thanks to libvirt.
Helper scripts are missing though. If there is a response from early
programmers adopters out there, willing to contribute to Qubes (Timothy's
friends and partners?) that could really ease adoption. People want it.

 There is a need to have an alternative to x86, i think everyone
knowledgeable agrees to that. The thing is to easy that move. Xen won't do
thee move until pushed a little. KVM could be used for HVM in Qubes. I'm
pretty sure that if a couple of Talos II were borrowed to Qubes enhousiast
developers, the helper scripts would be written pretty quickly.

Meanwhile, I'll encourage willing customers who desires private cloud
solutions in their organization to buy Talos II. But it won't fulfill the
threat models of others until easier compartmentalization is available.

>
> Btw whats better about TPM2 vs TPM1? (Is there anything useful? AFAIK
> the only difference is the addition of more microsoft sponsored
> non-owner controlled features that could be potentially used for DRM)
>
Mostly true. But TPM2 comes now in all recent hardware for different
sockets and can be used for measured boot/trusted boot. Its support got
included in Grub and vboot. Linux kernel integrated a scheduler recently to
properly deal with concurrent requests.
Watch this talk.
https://fosdem.org/2018/schedule/event/tpm/

KGPE-D16 has a 19 pin header. I'm not aware of any TPMv1 that fits that
connector. Is there any? For measured boot and user ownability of hardware,
there is no specific need for TPMv2 but largest and stronger algorithms
including curves. Other then that, it was just pushed by DRM needs, I
believe.

I always thought a useful TPM feature to prevent it from being used for
> DRM is to have a fuse one can set to enable a "secure" mode otherwise
> one is able to freely read back anything on the chip.
>
Can be used two times. Once in the BIOS and then reused in the OS for other
means. No, the secrets kept in there are useful for a lot of uses from a
user perspective. You should watch the talk linked above.

>
> --
> coreboot mailing list: coreboot@coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot
>
-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[taii...@gmx.com]

On 03/24/2018 09:21 AM, Alberto Bursi wrote:

> I was writing within context of this mail thread.
>
> This mail "thread" is about Coreboot on server systems, and no major 
> manufacturer I know of, apart from IBM and the board from Raptor 
> Engineering ever used Coreboot on server systems, so yeah, on server 
> boards it is nearly always retrofitted by the end user or some third 
> party that resells it.
They haven't sold boards with it and I am not entirely sure if it was an
official effort but people from Supermicro and AMD worked on the
coreboot ports for the H8SCM and maybe a couple other devices.

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[taii...@gmx.com]

On 03/25/2018 11:12 AM, thierry.laur...@gmail.com wrote:

> For the KGPE-D16, an integration effort was made in Heads to support
> such board.
>
> https://github.com/osresearch/heads/issues/134
>
>   * OpenBMC support merged into coreboot so the server can boot
>   * Flashrom support to flash OpenBMC directly from within Heads
>   * Flashrom support to reflash Heads internally
>   * Multiboot support, QubesOS support
>
> Thanks Timothy for all the great work that was accomplished on that
> board in the past years.
>
>
> TPM2 integration is still missing though. Don't hesitate to collaborate
> onto  heads to integrate VBOOT changes. 16Mb of SPI flash is more then
> enough to support it.
>
> Talos II cannot actually fulfill most of the threat models that the
> KGPE-D16 can with Heads + QubesOS combined.
The TALOS 2 has libre firmware, POWER-KVM, POWER-IOMMU and *it isn't a
dead platform* - it is definitely worth a purchase.
There isn't a POWER-qubes or a POWER-heads because no one has POWER
computers and because there aren't those and "you can just get a *some
x86 machine*" then not many will buy one and it will be the end of
freedom computing...

The facts are that x86_64 is a dead platform and there will never again
be another owner controlled x86_64 device. - people need to understand
that and realize that things like qubes for POWER is a catch-22
situation that will never be solved unless people have POWER machines
and use them for their other virtualization needs until then.

Btw whats better about TPM2 vs TPM1? (Is there anything useful? AFAIK
the only difference is the addition of more microsoft sponsored
non-owner controlled features that could be potentially used for DRM)
I always thought a useful TPM feature to prevent it from being used for
DRM is to have a fuse one can set to enable a "secure" mode otherwise
one is able to freely read back anything on the chip.

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[ron minnich]

On Sat, Mar 24, 2018 at 6:22 AM Alberto Bursi 
wrote:

> I was writing within context of this mail thread.
>
> This mail "thread" is about Coreboot on server systems, and no major
> manufacturer I know of, apart from IBM and the board from Raptor
> Engineering ever used Coreboot on server systems, so yeah,\
>

Linux NetworX shipped several hundred thousand server boards in the early
to mid 2000s with linuxbios supplied. Most were x86, mixed intel and AMD,
and some were Alpha. There were also a few others but no one on that scale.
But, it happened.

ron
-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[thierry . laurion]

Sorry for the previous mistypings. Redoing this mail properly.

On 03/24/2018 07:41 PM, Thierry Laurion wrote:
> Hi all, > > Le ven. 23 mars 2018 13:56, > a écrit : > > I am not a
lawyer, but have some understanding of the relevant liability > law.
This is not legal advice. > > If damage is cause to the hardware that
the ME would have prevented, very > likely. > Damage prevented by ME?
> > Same goes for any security holes opened by removing the ME. >
Security holes opened by removing the ME? fTPM? What else is implied here?
> > This > is not a supported option by Intel, so (practically*) they
have no further > liability for anything that goes wrong on ME scrubbed
systems. > > * You would need to prove in an airtight manner that the
same defect shows > up on fully updated ME-enabled systems. Given the
closed nature of the ME > this may be difficult in a legal environment
short of reproducing a defect > across multiple ME-enabled identical
systems. > > > Hi all, > > > > Searching legal implications of reselling
deblobbed hardware, and can't > > fight straight answers. > > > > If the
bios is replaced, and ME is disabled with its modules erased, could > >
the maker pursue the seller for having made those modifications? > > > >
Thanks, > > Thierry > > > > Le mar. 23 janv. 2018 13:56, Timothy Pearson
> > > > > a écrit : > >
> 4 cores, SMT4.  There's an 8-core available for $190 more, and AFAIK
> there are plans to start offering an 18-core server chip very shortly.
>
> These are the OpenPOWER machines, so there is hardware virtualization
> support (including I/O passthrough) that works well with kvm and QEMU.
> I haven't really heard anything referred to as "LPAR" on these newer
> POWER8/POWER9 machines outside of legacy documents.
>
> On 01/23/2018 12:47 PM, ron minnich wrote:
> > how many cores is that? Does it come with LPAR?
>
> > On Mon, Jan 22, 2018 at 9:48 PM taii...@gmx.com 
> >
> >   >> wrote:
>
> > In case anyone wants to know the (non-coreboot) libre firmware
> TALOS
> 2
> > single CPU/board combo is now only 2.5K.
>
> > I still can't figure out how they managed to make it so
> affordable,
> this
> > is seriously great.
>
> > --
> > coreboot mailing list: coreboot@coreboot.org
> 
> > >
> > https://mail.coreboot.org/mailman/listinfo/coreboot
>
>
>
> >> > >> -- > >> coreboot mailing list: coreboot@coreboot.org
 > >>
https://mail.coreboot.org/mailman/listinfo/coreboot > >> > > > >

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[thierry . laurion]

On 03/23/2018 05:22 PM, taii...@gmx.com wrote:
> Please also keep in mind that it is impossible to disable ME.
That is not a binary yes/no fact.

Depending of the ME version, it is possible to deactivate it.
The following x230 is not a server, but an example for older ME versions.

The resulting ME is 98304 bytes, containing the ROMP and BUP modules only.
The booting system complains about ME, tries to initialize it for 3
seconds and then gives up.

I know that the story is different for newer versions of ME/Servers. But
that statement of saying that disabling ME is impossible is not
empowering at all and not completely true.

Thierry

user@build-x230:~/Downloads/me_cleaner$
~/Downloads/me_cleaner/me_cleaner.py -O
~/Documents/Firmwares/ME/x230t/2.65/clean_flash.rom
~/Documents/Firmwares/originals/x230t/2.65/spi2_MX25L6405D_8192.rom -S
-r -t -M ~/Documents/Firmwares/ME/x230t/2.65/extracted_me
Full image detected
The ME/TXE region goes from 0x3000 to 0x50
Found FPT header at 0x3010
Found 23 partition(s)
Found FTPR header: FTPR partition spans from 0x18 to 0x24a000
ME/TXE firmware version 8.1.30.1350
Public key match: Intel ME, firmware versions 7.x.x.x, 8.x.x.x
Reading partitions list...
  (0x03c0 - 0x00400, 0x0040 total bytes): removed
 FOVD (0x0400 - 0x01000, 0x0c00 total bytes): removed
 MDES (0x1000 - 0x02000, 0x1000 total bytes): removed
 FCRS (0x2000 - 0x03000, 0x1000 total bytes): removed
 EFFS (0x3000 - 0xdf000, 0x000dc000 total bytes): removed
 BIAL (NVRAM partition, no data, 0xadd0 total bytes): nothing to remove
 BIEL (NVRAM partition, no data, 0x3000 total bytes): nothing to remove
 BIIS (NVRAM partition, no data, 0x00036000 total bytes): nothing to remove
 NVCL (NVRAM partition, no data, 0x00010511 total bytes): nothing to remove
 NVCM (NVRAM partition, no data, 0x493f total bytes): nothing to remove
 NVCP (NVRAM partition, no data, 0xa553 total bytes): nothing to remove
 NVJC (NVRAM partition, no data, 0x4000 total bytes): nothing to remove
 NVKR (NVRAM partition, no data, 0x0001257d total bytes): nothing to remove
 NVOS (NVRAM partition, no data, 0x00034af5 total bytes): nothing to remove
 NVSH (NVRAM partition, no data, 0x7609 total bytes): nothing to remove
 NVTD (NVRAM partition, no data, 0x1eac total bytes): nothing to remove
 PLDM (NVRAM partition, no data, 0xa000 total bytes): nothing to remove
 GLUT (0x000df000 - 0xe3000, 0x4000 total bytes): removed
 LOCL (0x000e3000 - 0xe7000, 0x4000 total bytes): removed
 WCOD (0x000e7000 - 0x00014, 0x00059000 total bytes): removed
 MDMV (0x0014 - 0x00018, 0x0004 total bytes): removed
 FTPR (0x0018 - 0x00024a000, 0x000ca000 total bytes): NOT removed
 NFTP (0x0024a000 - 0x0004a4000, 0x0025a000 total bytes): removed
Removing partition entries in FPT...
Removing EFFS presence flag...
Correcting checksum (0x7b)...
Reading FTPR modules list...
 UPDATE   (LZMA   , 0x1cc4f2 - 0x1cc6b0   ): removed
 ROMP (Huffman, fragmented data, ~2 KiB   ): NOT removed,
essential
 BUP  (Huffman, fragmented data, ~56 KiB  ): NOT removed,
essential
 KERNEL   (Huffman, fragmented data, ~135 KiB ): removed
 POLICY   (Huffman, fragmented data, ~91 KiB  ): removed
 HOSTCOMM (LZMA   , 0x1cc6b0 - 0x1d348b   ): removed
 RSA  (LZMA   , 0x1d348b - 0x1d86e0   ): removed
 CLS  (LZMA   , 0x1d86e0 - 0x1dde71   ): removed
 TDT  (LZMA   , 0x1dde71 - 0x1e4556   ): removed
 FTCS (Huffman, fragmented data, ~18 KiB  ): removed
 ClsPriv  (LZMA   , 0x1e4556 - 0x1e4937   ): removed
 SESSMGR  (LZMA   , 0x1e4937 - 0x1f3240   ): removed
Relocating FTPR from 0x18 - 0x24a000 to 0xd00 - 0xcad00...
 Adjusting FPT entry...
 Adjusting LUT start offset...
 Adjusting Huffman start offset...
 Adjusting chunks offsets...
 Moving data...
The ME minimum size should be 98304 bytes (0x18000 bytes)
The ME region can be reduced up to:
 3000:0001afff me
Setting the AltMeDisable bit in PCHSTRP10 to disable Intel ME...
Extracting and truncating the ME image to
"/home/user/Documents/Firmwares/ME/x230t/2.65/extracted_me"...
Checking the FTPR RSA signature of the extracted ME image... VALID
Checking the FTPR RSA signature... VALID
Done! Good luck!

>
> *I am not a lawyer*
> In america the first sale law means you are allowed to do as you please
> with a device you purchased as long as you are not violating any EULA
> but if you somehow did the impossible and figured out how to execute
> code on the ME core you would be breaking the law as it is also a DRM
> mechanism (PAVP, HDCP, intel insider etc) which is illegal to bypass.
>



-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[thierry . laurion]

For the KGPE-D16, an integration effort was made in Heads to support
such board.

https://github.com/osresearch/heads/issues/134

  * OpenBMC support merged into coreboot so the server can boot
  * Flashrom support to flash OpenBMC directly from within Heads
  * Flashrom support to reflash Heads internally
  * Multiboot support, QubesOS support

Thanks Timothy for all the great work that was accomplished on that
board in the past years.


TPM2 integration is still missing though. Don't hesitate to collaborate
onto  heads to integrate VBOOT changes. 16Mb of SPI flash is more then
enough to support it.

Talos II cannot actually fulfill most of the threat models that the
KGPE-D16 can with Heads + QubesOS combined.

That is why i'm interested in the legal implications and limitations of
selling such systems with replaced firmwares. That and the
deactivation/suppression of ME/PSP blobs.


Couple of interesting hints given here legally. Thanks a bunch. Will
have official legal advices in the next coming days. Will share them back.


Thierry


On 01/17/2018 06:12 AM, Piotr Kubaj via coreboot wrote:
> There's no "pure coreboot" systems. You need some payload.
>
> Also, while Talos is truly awesome, the OP asked about coreboot
> specifically and Talos doesn't run coreboot :)
>
> At the moment, the best coreboot-supported server motherboard is ASUS
> KGPE-D16. You can also get libre BMC with OpenBMC port for it.
>
> If you just want a libre motherboard, Talos is the best you can get.
>
> On 18-01-17 12:00:01, coreboot-requ...@coreboot.org wrote:
>> Message: 2
>> Date: Tue, 16 Jan 2018 19:29:18 +0100
>> From: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2...@gmx.net>
>> To: Coreboot <coreboot@coreboot.org>
>> Subject: [coreboot] Server systems shipped with coreboot
>> Message-ID: <d5d6d8ee-77ee-4232-a89a-e5158140b...@gmx.net>
>> Content-Type: text/plain; charset=UTF-8
>>
>> Hi,
>>
>> does anyone have a list of server systems which are shipped with
>> coreboot? I'm interested in coreboot+UEFI systems, coreboot+Linux
>> systems, coreboot+SeaBIOS systems, pure coreboot systems.
>>
>> At 34C3 I was told by someone that a major vendor has been shipping
>> servers with coreboot without announcing this, and I unfortunately
>> neither remember the server model nor who told me about this. If said
>> person could remind contact me, I'd be thankful.
>>
>> Regards,
>> Carl-Daniel
>>
>>
>>
>> --
>>
>> Message: 3
>> Date: Wed, 17 Jan 2018 00:28:23 +0300
>> From: Mike Banon <mikeb...@gmail.com>
>> To: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2...@gmx.net>,
>> coreboot@coreboot.org
>> Subject: Re: [coreboot] Server systems shipped with coreboot
>> Message-ID:
>> <cak7947nvzptqehirzfpqpt_kqvferxzfnrppeb_ntvhegxs...@mail.gmail.com>
>> Content-Type: text/plain; charset="UTF-8"
>>
>> Hi friend ! I just googled "coreboot servers" and found this:
>>
>> https://store.vikings.net/the-server-1u , and
>> https://www.siliconmechanics.com/i7045/opteron-server.php
>> (Installation of coreboot is available with certain configurations;
>> contact Sales for details.)
>>
>> And, of course, Talos II POWER9 servers which are already available
>> for pre-orders.
>> They are the future of libre server computing :
>> https://www.raptorcs.com/TALOSII/prerelease.php
>>
>> So basically there are two options:
>> 1) use one of a few coreboot-supported boards with AMD Opterons (which
>> are also a bit outdated)
>> you can even build such a server by yourself, just get the supported
>> hardware and flash coreboot to it
>> 2) preorder Talos II and wait for shiny new server to come ;)
>>
>> Mike
>>
>>
>> On Tue, Jan 16, 2018 at 9:29 PM, Carl-Daniel Hailfinger
>> <c-d.hailfinger.devel.2...@gmx.net> wrote:
>>> Hi,
>>>
>>> does anyone have a list of server systems which are shipped with
>>> coreboot? I'm interested in coreboot+UEFI systems, coreboot+Linux
>>> systems, coreboot+SeaBIOS systems, pure coreboot systems.
>>>
>>> At 34C3 I was told by someone that a major vendor has been shipping
>>> servers with coreboot without announcing this, and I unfortunately
>>> neither remember the server model nor who told me about this. If said
>>> person could remind contact me, I'd be thankful.
>>>
>>> Regards,
>>> Carl-Daniel
>>>
>>> -- 
>>> coreboot mailing list: coreboot@coreboot.org
>>> https://mail.coreboot.org/mailman/listinfo/coreboot
>>
>>
>>
>> --
>>
>> Subject: Digest Footer
>>
>> ___
>> coreboot mailing list
>> coreboot@coreboot.org
>> https://mail.coreboot.org/mailman/listinfo/coreboot
>>
>> --
>>
>> End of coreboot Digest, Vol 155, Issue 24
>> *
>>
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>
>

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Thierry Laurion]

Hi all,

Le ven. 23 mars 2018 13:56,  a écrit :

> I am not a lawyer, but have some understanding of the relevant liability
> law.  This is not legal advice.
>
> If damage is cause to the hardware that the ME would have prevented, very
> likely.

Damage orevrntrd by ME?

Same goes for any security holes opened by removing the ME.

Like deactivating fTPM Boeing considered as opening security holes? I don't
understand the suppositions made here.

> This
> is not a supported option by Intel, so (practically*) they have no further
> liability for anything that goes wrong on ME scrubbed systems.
>
> * You would need to prove in an airtight manner that the same defect shows
> up on fully updated ME-enabled systems.  Given the closed nature of the ME
> this may be difficult in a legal environment short of reproducing a defect
> across multiple ME-enabled identical systems.
>
> > Hi all,
> >
> > Searching legal implications of reselling deblobbed hardware, and can't
> > fight straight answers.
> >
> > If the bios is replaced, and ME is disabled with its modules erased,
> could
> > the maker pursue the seller for having made those modifications?
> >
> > Thanks,
> > Thierry
> >
> > Le mar. 23 janv. 2018 13:56, Timothy Pearson
> > 
> > a écrit :
> >
> >> -BEGIN PGP SIGNED MESSAGE-
> >> Hash: SHA1
> >>
> >> 4 cores, SMT4.  There's an 8-core available for $190 more, and AFAIK
> >> there are plans to start offering an 18-core server chip very shortly.
> >>
> >> These are the OpenPOWER machines, so there is hardware virtualization
> >> support (including I/O passthrough) that works well with kvm and QEMU.
> >> I haven't really heard anything referred to as "LPAR" on these newer
> >> POWER8/POWER9 machines outside of legacy documents.
> >>
> >> On 01/23/2018 12:47 PM, ron minnich wrote:
> >> > how many cores is that? Does it come with LPAR?
> >> >
> >> > On Mon, Jan 22, 2018 at 9:48 PM taii...@gmx.com
> >> 
> >> > > wrote:
> >> >
> >> > In case anyone wants to know the (non-coreboot) libre firmware
> >> TALOS
> >> 2
> >> > single CPU/board combo is now only 2.5K.
> >> >
> >> > I still can't figure out how they managed to make it so
> >> affordable,
> >> this
> >> > is seriously great.
> >> >
> >> > --
> >> > coreboot mailing list: coreboot@coreboot.org
> >> > 
> >> > https://mail.coreboot.org/mailman/listinfo/coreboot
> >> >
> >>
> >>
> >> - --
> >> Timothy Pearson
> >> Raptor Engineering
> >> +1 (415) 727-8645 (direct line)
> >> +1 (512) 690-0200 (switchboard)
> >> https://www.raptorengineering.com
> >> -BEGIN PGP SIGNATURE-
> >> Version: GnuPG v1
> >>
> >> iQEcBAEBAgAGBQJaZ4U2AAoJEK+E3vEXDOFbBUEIAKxL6cD2L27yZh63OhM0TD8h
> >> BZD2r0nYF/NLfGi50KuMZPNzb2lpzgLHc06ZHZmJBU0sFUbTdI3WrYibDPtY4lva
> >> 1uG3gedN2u+sUCzTKrLILOyrstlJ2lQ4+8jxyO8PncK9Zx3LtgbSlGVGq+pvxsXI
> >> Ac8Yqm+de6Is8aaAHMMzaT9UNxcjXCAs/zZm3iWcPkA2B0CVVUoKnsFuhtGG1cGd
> >> j4bukGJrojkUMEFxIG93qphcurdP2AjuvOaUdZVuoC0uxdVL2az77SgRUH8Vmxdd
> >> SFhAzG7j4LsqGMwiZBkubBZpSMPj6kPyRQUIxwwAk/vRLpOxoPdaEbrI/9wyIaM=
> >> =PFaf
> >> -END PGP SIGNATURE-
> >>
> >> --
> >> coreboot mailing list: coreboot@coreboot.org
> >> https://mail.coreboot.org/mailman/listinfo/coreboot
> >>
> >
>
>
>
-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Alberto Bursi]

I was writing within context of this mail thread.

This mail "thread" is about Coreboot on server systems, and no major 
manufacturer I know of, apart from IBM and the board from Raptor 
Engineering ever used Coreboot on server systems, so yeah, on server 
boards it is nearly always retrofitted by the end user or some third 
party that resells it.

-Alberto


On 03/24/2018 12:08 AM, Nico Huber wrote:
> On 23.03.2018 22:37, Alberto Bursi wrote:
>> I wanted to say what I said.
>> Dell, HP, Supermicro, Tyan, and whatever other OEM making commercial
>> servers I know of
>> is highly unlikely to accept a RMA or provide any support on their
>> hardware if you install Coreboot.
> What I was trying to tell you was that they might already ship hardware
> with coreboot. You make the impression that you have no idea about how
> much coreboot is already used in products.
>
> What you mean, I guess, is installing coreboot on hardware that didn't
> ship with it. But you make it sound like coreboot is always something
> retrofitted.
>
> Nico

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Alberto Bursi]

It IS lying if you don't tell them you installed Coreboot and pretend 
the issue happened with UEFI.

Also, manufacturer warranty does not cover damage done by the user, and 
flashing a third party firmware is usually enough to claim whatever 
happens to it afterwards it's your fault.
In general, anything can be used to claim the damage is your fault and 
just laugh and deny the RMA request. Who sues them over a RMA anyway.

In the EU consumer laws add seller warranty where the seller basically 
has to replace the device regardless (as they require the seller to 
demonstrate that the damage was done by the custom firmware), but that's 
another thing, and in 99% of the cases they actually honour the warranty 
(which isn't a given, Amazon and bigger ones usually do) they just toss 
your RMA in the bin and give you a new one.

-Alberto

On 03/23/2018 11:54 PM, taii...@gmx.com wrote:
> On 03/23/2018 06:33 PM, Alberto Bursi wrote:
>
>> Yeah, getting an RMA isn't hard if you just lie. Won't work for non-RMA 
>> support requests though.
> It isn't lying if OEM never stated pre-purchase that you aren't allowed
> to flash your own firmware.
> It is the same as how many laptop OEM's want you to have windows
> installed when you RMA a laptop.
>

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Nico Huber]

On 23.03.2018 22:37, Alberto Bursi wrote:
> I wanted to say what I said.
> Dell, HP, Supermicro, Tyan, and whatever other OEM making commercial 
> servers I know of
> is highly unlikely to accept a RMA or provide any support on their 
> hardware if you install Coreboot.

What I was trying to tell you was that they might already ship hardware
with coreboot. You make the impression that you have no idea about how
much coreboot is already used in products.

What you mean, I guess, is installing coreboot on hardware that didn't
ship with it. But you make it sound like coreboot is always something
retrofitted.

Nico

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[taii...@gmx.com]

On 03/23/2018 06:33 PM, Alberto Bursi wrote:

> Yeah, getting an RMA isn't hard if you just lie. Won't work for non-RMA 
> support requests though.
It isn't lying if OEM never stated pre-purchase that you aren't allowed
to flash your own firmware.
It is the same as how many laptop OEM's want you to have windows
installed when you RMA a laptop.

This type of issue was actually debated quite a bit back in the 70's
(and now recently again) when car manufacturers tried to prevent people
from using after-market parts or tuning their vehicle.
https://en.wikipedia.org/wiki/Magnuson%E2%80%93Moss_Warranty_Act
https://www.sema.org/sema-enews/2011/01/ftc-validates-right-to-install-aftermarket-parts
http://www.dummies.com/home-garden/car-repair/keeping-your-mods-warranty-intact/
"Further, under the act, aftermarket equipment that improves performance
does not automatically void a vehicle manufacturer’s original warranty,
unless the warranty clearly states the addition of aftermarket equipment
automatically voids your vehicle’s warranty, or if it can be proven that
the aftermarket device is the direct cause of the failure."

It is more relevant than ever considering how computerized a modern
vehicle is and that making basic repairs these days requires firmware
modifications on some vehicles (ex: the john deere tractor problem) and
I am sure it will eventually end up in the supreme court.
It is a damn shame now even cars have been made very complex and
computerized for no real reason.

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Alberto Bursi]

Yeah, getting an RMA isn't hard if you just lie. Won't work for non-RMA 
support requests though.


-Alberto


On 03/23/2018 10:43 PM, taii...@gmx.com wrote:
> On 03/23/2018 05:37 PM, Alberto Bursi wrote:
>
>> I wanted to say what I said. Dell, HP, Supermicro, Tyan, and whatever other 
>> OEM making commercial servers I know of is highly unlikely to accept a RMA 
>> or provide any support on their hardware if you install Coreboot.
>> Therefore any seller of such devices would have to provide such support  and 
>> warranty on their own.
>>
>> If you just tampered the UEFI firmware is much less of an issue for RMA and 
>> support (in my experience), depending on how bad you tampered with it, 
>> anyway.
> Which is why you re-flash the original factory firmware before you RMA
> it >:D
>

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[taii...@gmx.com]

On 03/23/2018 05:37 PM, Alberto Bursi wrote:

> I wanted to say what I said. Dell, HP, Supermicro, Tyan, and whatever other 
> OEM making commercial servers I know of is highly unlikely to accept a RMA or 
> provide any support on their hardware if you install Coreboot.
> Therefore any seller of such devices would have to provide such support  and 
> warranty on their own.
>
> If you just tampered the UEFI firmware is much less of an issue for RMA and 
> support (in my experience), depending on how bad you tampered with it, anyway.
Which is why you re-flash the original factory firmware before you RMA
it >:D

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Alberto Bursi]

I wanted to say what I said.
Dell, HP, Supermicro, Tyan, and whatever other OEM making commercial 
servers I know of
is highly unlikely to accept a RMA or provide any support on their 
hardware if you install Coreboot.
Therefore any seller of such devices would have to provide such support 
and warranty on their own.

If you just tampered the UEFI firmware is much less of an issue for RMA 
and support (in my experience), depending on how bad you tampered with 
it, anyway.

-Alberto


On 03/23/2018 10:17 PM, Nico Huber wrote:
> On 23.03.2018 20:28, Alberto Bursi wrote:
>> Of course they will have to be able to provide any warranty and support
>> over the devices they sell because Intel or whoever actually made the
>> server/board will not really support nor accept RMAs of stuff with
>> Coreboot on it.
> That's some unfortunate wording. I guess what you wanted to say is
> something like "stuff with tampered firmware". coreboot isn't strange
> to every manufacturer. Why would it be? it's the best firmware you can
> get for your hardware.
>
> Nico

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[taii...@gmx.com]

Please also keep in mind that it is impossible to disable ME.

*I am not a lawyer*
In america the first sale law means you are allowed to do as you please
with a device you purchased as long as you are not violating any EULA
but if you somehow did the impossible and figured out how to execute
code on the ME core you would be breaking the law as it is also a DRM
mechanism (PAVP, HDCP, intel insider etc) which is illegal to bypass.

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Nico Huber]

On 23.03.2018 20:28, Alberto Bursi wrote:
> Of course they will have to be able to provide any warranty and support
> over the devices they sell because Intel or whoever actually made the
> server/board will not really support nor accept RMAs of stuff with
> Coreboot on it.

That's some unfortunate wording. I guess what you wanted to say is
something like "stuff with tampered firmware". coreboot isn't strange
to every manufacturer. Why would it be? it's the best firmware you can
get for your hardware.

Nico

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Alberto Bursi]

Same "I am not a lawyer" disclaimer for what I'm going to say here.


I don't think the seller can be held liable for anything, as long as 
they clearly stated what they did to the hardware they are selling.

Of course they will have to be able to provide any warranty and support 
over the devices they sell because Intel or whoever actually made the 
server/board will not really support nor accept RMAs of stuff with 
Coreboot on it.

-Alberto

On 03/23/2018 06:55 PM, tpear...@raptorengineering.com wrote:
> I am not a lawyer, but have some understanding of the relevant liability
> law.  This is not legal advice.
>
> If damage is cause to the hardware that the ME would have prevented, very
> likely.  Same goes for any security holes opened by removing the ME.  This
> is not a supported option by Intel, so (practically*) they have no further
> liability for anything that goes wrong on ME scrubbed systems.
>
> * You would need to prove in an airtight manner that the same defect shows
> up on fully updated ME-enabled systems.  Given the closed nature of the ME
> this may be difficult in a legal environment short of reproducing a defect
> across multiple ME-enabled identical systems.
>
>> Hi all,
>>
>> Searching legal implications of reselling deblobbed hardware, and can't
>> fight straight answers.
>>
>> If the bios is replaced, and ME is disabled with its modules erased, could
>> the maker pursue the seller for having made those modifications?
>>
>> Thanks,
>> Thierry
>>
>> Le mar. 23 janv. 2018 13:56, Timothy Pearson
>> 
>> a écrit :
>>
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA1
>>>
>>> 4 cores, SMT4.  There's an 8-core available for $190 more, and AFAIK
>>> there are plans to start offering an 18-core server chip very shortly.
>>>
>>> These are the OpenPOWER machines, so there is hardware virtualization
>>> support (including I/O passthrough) that works well with kvm and QEMU.
>>> I haven't really heard anything referred to as "LPAR" on these newer
>>> POWER8/POWER9 machines outside of legacy documents.
>>>
>>> On 01/23/2018 12:47 PM, ron minnich wrote:
 how many cores is that? Does it come with LPAR?

 On Mon, Jan 22, 2018 at 9:48 PM taii...@gmx.com
>>> 
 > wrote:

  In case anyone wants to know the (non-coreboot) libre firmware
>>> TALOS
>>> 2
  single CPU/board combo is now only 2.5K.

  I still can't figure out how they managed to make it so
>>> affordable,
>>> this
  is seriously great.

  --
  coreboot mailing list: coreboot@coreboot.org
  
  https://mail.coreboot.org/mailman/listinfo/coreboot

>>>
>>> - --
>>> Timothy Pearson
>>> Raptor Engineering
>>> +1 (415) 727-8645 (direct line)
>>> +1 (512) 690-0200 (switchboard)
>>> https://www.raptorengineering.com
>>> -BEGIN PGP SIGNATURE-
>>> Version: GnuPG v1
>>>
>>> iQEcBAEBAgAGBQJaZ4U2AAoJEK+E3vEXDOFbBUEIAKxL6cD2L27yZh63OhM0TD8h
>>> BZD2r0nYF/NLfGi50KuMZPNzb2lpzgLHc06ZHZmJBU0sFUbTdI3WrYibDPtY4lva
>>> 1uG3gedN2u+sUCzTKrLILOyrstlJ2lQ4+8jxyO8PncK9Zx3LtgbSlGVGq+pvxsXI
>>> Ac8Yqm+de6Is8aaAHMMzaT9UNxcjXCAs/zZm3iWcPkA2B0CVVUoKnsFuhtGG1cGd
>>> j4bukGJrojkUMEFxIG93qphcurdP2AjuvOaUdZVuoC0uxdVL2az77SgRUH8Vmxdd
>>> SFhAzG7j4LsqGMwiZBkubBZpSMPj6kPyRQUIxwwAk/vRLpOxoPdaEbrI/9wyIaM=
>>> =PFaf
>>> -END PGP SIGNATURE-
>>>
>>> --
>>> coreboot mailing list: coreboot@coreboot.org
>>> https://mail.coreboot.org/mailman/listinfo/coreboot
>>>
>
>

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[tpearson]

I am not a lawyer, but have some understanding of the relevant liability
law.  This is not legal advice.

If damage is cause to the hardware that the ME would have prevented, very
likely.  Same goes for any security holes opened by removing the ME.  This
is not a supported option by Intel, so (practically*) they have no further
liability for anything that goes wrong on ME scrubbed systems.

* You would need to prove in an airtight manner that the same defect shows
up on fully updated ME-enabled systems.  Given the closed nature of the ME
this may be difficult in a legal environment short of reproducing a defect
across multiple ME-enabled identical systems.

> Hi all,
>
> Searching legal implications of reselling deblobbed hardware, and can't
> fight straight answers.
>
> If the bios is replaced, and ME is disabled with its modules erased, could
> the maker pursue the seller for having made those modifications?
>
> Thanks,
> Thierry
>
> Le mar. 23 janv. 2018 13:56, Timothy Pearson
> 
> a écrit :
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> 4 cores, SMT4.  There's an 8-core available for $190 more, and AFAIK
>> there are plans to start offering an 18-core server chip very shortly.
>>
>> These are the OpenPOWER machines, so there is hardware virtualization
>> support (including I/O passthrough) that works well with kvm and QEMU.
>> I haven't really heard anything referred to as "LPAR" on these newer
>> POWER8/POWER9 machines outside of legacy documents.
>>
>> On 01/23/2018 12:47 PM, ron minnich wrote:
>> > how many cores is that? Does it come with LPAR?
>> >
>> > On Mon, Jan 22, 2018 at 9:48 PM taii...@gmx.com
>> 
>> > > wrote:
>> >
>> > In case anyone wants to know the (non-coreboot) libre firmware
>> TALOS
>> 2
>> > single CPU/board combo is now only 2.5K.
>> >
>> > I still can't figure out how they managed to make it so
>> affordable,
>> this
>> > is seriously great.
>> >
>> > --
>> > coreboot mailing list: coreboot@coreboot.org
>> > 
>> > https://mail.coreboot.org/mailman/listinfo/coreboot
>> >
>>
>>
>> - --
>> Timothy Pearson
>> Raptor Engineering
>> +1 (415) 727-8645 (direct line)
>> +1 (512) 690-0200 (switchboard)
>> https://www.raptorengineering.com
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v1
>>
>> iQEcBAEBAgAGBQJaZ4U2AAoJEK+E3vEXDOFbBUEIAKxL6cD2L27yZh63OhM0TD8h
>> BZD2r0nYF/NLfGi50KuMZPNzb2lpzgLHc06ZHZmJBU0sFUbTdI3WrYibDPtY4lva
>> 1uG3gedN2u+sUCzTKrLILOyrstlJ2lQ4+8jxyO8PncK9Zx3LtgbSlGVGq+pvxsXI
>> Ac8Yqm+de6Is8aaAHMMzaT9UNxcjXCAs/zZm3iWcPkA2B0CVVUoKnsFuhtGG1cGd
>> j4bukGJrojkUMEFxIG93qphcurdP2AjuvOaUdZVuoC0uxdVL2az77SgRUH8Vmxdd
>> SFhAzG7j4LsqGMwiZBkubBZpSMPj6kPyRQUIxwwAk/vRLpOxoPdaEbrI/9wyIaM=
>> =PFaf
>> -END PGP SIGNATURE-
>>
>> --
>> coreboot mailing list: coreboot@coreboot.org
>> https://mail.coreboot.org/mailman/listinfo/coreboot
>>
>



-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Thierry Laurion]

Hi all,

Searching legal implications of reselling deblobbed hardware, and can't
fight straight answers.

If the bios is replaced, and ME is disabled with its modules erased, could
the maker pursue the seller for having made those modifications?

Thanks,
Thierry

Le mar. 23 janv. 2018 13:56, Timothy Pearson 
a écrit :

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> 4 cores, SMT4.  There's an 8-core available for $190 more, and AFAIK
> there are plans to start offering an 18-core server chip very shortly.
>
> These are the OpenPOWER machines, so there is hardware virtualization
> support (including I/O passthrough) that works well with kvm and QEMU.
> I haven't really heard anything referred to as "LPAR" on these newer
> POWER8/POWER9 machines outside of legacy documents.
>
> On 01/23/2018 12:47 PM, ron minnich wrote:
> > how many cores is that? Does it come with LPAR?
> >
> > On Mon, Jan 22, 2018 at 9:48 PM taii...@gmx.com 
> > > wrote:
> >
> > In case anyone wants to know the (non-coreboot) libre firmware TALOS
> 2
> > single CPU/board combo is now only 2.5K.
> >
> > I still can't figure out how they managed to make it so affordable,
> this
> > is seriously great.
> >
> > --
> > coreboot mailing list: coreboot@coreboot.org
> > 
> > https://mail.coreboot.org/mailman/listinfo/coreboot
> >
>
>
> - --
> Timothy Pearson
> Raptor Engineering
> +1 (415) 727-8645 (direct line)
> +1 (512) 690-0200 (switchboard)
> https://www.raptorengineering.com
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
>
> iQEcBAEBAgAGBQJaZ4U2AAoJEK+E3vEXDOFbBUEIAKxL6cD2L27yZh63OhM0TD8h
> BZD2r0nYF/NLfGi50KuMZPNzb2lpzgLHc06ZHZmJBU0sFUbTdI3WrYibDPtY4lva
> 1uG3gedN2u+sUCzTKrLILOyrstlJ2lQ4+8jxyO8PncK9Zx3LtgbSlGVGq+pvxsXI
> Ac8Yqm+de6Is8aaAHMMzaT9UNxcjXCAs/zZm3iWcPkA2B0CVVUoKnsFuhtGG1cGd
> j4bukGJrojkUMEFxIG93qphcurdP2AjuvOaUdZVuoC0uxdVL2az77SgRUH8Vmxdd
> SFhAzG7j4LsqGMwiZBkubBZpSMPj6kPyRQUIxwwAk/vRLpOxoPdaEbrI/9wyIaM=
> =PFaf
> -END PGP SIGNATURE-
>
> --
> coreboot mailing list: coreboot@coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot
>
-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Timothy Pearson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

4 cores, SMT4.  There's an 8-core available for $190 more, and AFAIK
there are plans to start offering an 18-core server chip very shortly.

These are the OpenPOWER machines, so there is hardware virtualization
support (including I/O passthrough) that works well with kvm and QEMU.
I haven't really heard anything referred to as "LPAR" on these newer
POWER8/POWER9 machines outside of legacy documents.

On 01/23/2018 12:47 PM, ron minnich wrote:
> how many cores is that? Does it come with LPAR? 
> 
> On Mon, Jan 22, 2018 at 9:48 PM taii...@gmx.com 
> > wrote:
> 
> In case anyone wants to know the (non-coreboot) libre firmware TALOS 2
> single CPU/board combo is now only 2.5K.
> 
> I still can't figure out how they managed to make it so affordable, this
> is seriously great.
> 
> --
> coreboot mailing list: coreboot@coreboot.org
> 
> https://mail.coreboot.org/mailman/listinfo/coreboot
> 


- -- 
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEcBAEBAgAGBQJaZ4U2AAoJEK+E3vEXDOFbBUEIAKxL6cD2L27yZh63OhM0TD8h
BZD2r0nYF/NLfGi50KuMZPNzb2lpzgLHc06ZHZmJBU0sFUbTdI3WrYibDPtY4lva
1uG3gedN2u+sUCzTKrLILOyrstlJ2lQ4+8jxyO8PncK9Zx3LtgbSlGVGq+pvxsXI
Ac8Yqm+de6Is8aaAHMMzaT9UNxcjXCAs/zZm3iWcPkA2B0CVVUoKnsFuhtGG1cGd
j4bukGJrojkUMEFxIG93qphcurdP2AjuvOaUdZVuoC0uxdVL2az77SgRUH8Vmxdd
SFhAzG7j4LsqGMwiZBkubBZpSMPj6kPyRQUIxwwAk/vRLpOxoPdaEbrI/9wyIaM=
=PFaf
-END PGP SIGNATURE-

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[ron minnich]

how many cores is that? Does it come with LPAR?

On Mon, Jan 22, 2018 at 9:48 PM taii...@gmx.com  wrote:

> In case anyone wants to know the (non-coreboot) libre firmware TALOS 2
> single CPU/board combo is now only 2.5K.
>
> I still can't figure out how they managed to make it so affordable, this
> is seriously great.
>
> --
> coreboot mailing list: coreboot@coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot
>
-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[taii...@gmx.com]

In case anyone wants to know the (non-coreboot) libre firmware TALOS 2 
single CPU/board combo is now only 2.5K.


I still can't figure out how they managed to make it so affordable, this 
is seriously great.


--
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[awokd via coreboot]

On Thu, January 18, 2018 6:37 pm, Nico Huber wrote:


> Generally, you can expect microservers with coreboot nowadays (anything
> supported by Intel's IoT group).

If you're talking IoT range, AMD APU Coreboot can be seen at
http://www.pcengines.ch/apu2.htm for example.



-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Nico Huber]

Hi Carl-Daniel,

On 16.01.2018 19:29, Carl-Daniel Hailfinger wrote:
> At 34C3 I was told by someone that a major vendor has been shipping
> servers with coreboot without announcing this, and I unfortunately
> neither remember the server model nor who told me about this. If said
> person could remind contact me, I'd be thankful.

it wasn't me. Though I remember somewhere around December somebody
reported DMI information on IRC from a cloud server running on an ADI
something from Adlink, likely some microserver. Also, not sure if
related, there where some questions from Dell employees on the ML last
year.

Generally, you can expect microservers with coreboot nowadays (anything
supported by Intel's IoT group). But no fully fledged powerful server
(which is still 100% unsupported by Intel). So if you are looking for
the latter, your options are (as mentioned before) stale AMD systems,
OpenPower (not coreboot but open), modern Intel (maybe AMD too?) servers
shipping with UEFI that you can reduce (NERF, not open but best boot
experience you can get with proprietary firmware (beside coreboot+blobs)
I guess).

If you are looking for microservers, I'd go around and ask. Starting
with Adlink.

Nico

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Julien Viard de Galbert]

Hello Felix, and all,

> Le 18 janv. 2018 à 04:17, Felix Held  a écrit :
> 
> Hi Carl-Daniel!
> 
>> At 34C3 I was told by someone that a major vendor has been shipping
>> servers with coreboot without announcing this, and I unfortunately
>> neither remember the server model nor who told me about this.
> This might be related: 
> https://www.fosdem.org/2018/schedule/event/hwenablement_open_source_bios_at_scale/
>  
> 

Well no, I don’t think it could be, or the person was not well informed.

We are not a vendor, but a hosting/cloud company, so we rent servers or service 
running on them, we do not ship them.
Also none of those servers with coreboot were available yet during 34C3.

Anyway, you are welcome to come to my talk at FOSDEM for more details ;-)

Best Regards,

Julien


> 
> Regards
> Felix
> 
> -- 
> coreboot mailing list: coreboot@coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot

--
Julien Viard de Galbert - jviarddegalb...@online.net
Online / Scaleway
Looking for an amazing job? Join us NOW ! https://careers.scaleway.com/




-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Felix Held]

Hi Carl-Daniel!


At 34C3 I was told by someone that a major vendor has been shipping
servers with coreboot without announcing this, and I unfortunately
neither remember the server model nor who told me about this.
This might be related: 
https://www.fosdem.org/2018/schedule/event/hwenablement_open_source_bios_at_scale/


Regards
Felix

--
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Timothy Pearson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

At the end of the day, though, this is rather like a rooted iPhone, or
running custom software on a TiVo via a hack.  It's far from a full open
stack and while it may have some utility / advantages for server
operators, for the average person I don't know that there's much benefit.

Still, it's good to know the direction coreboot is taking in terms of
the proprietary x86 hardware now flooding the market.

On 01/17/2018 04:04 PM, Trammell Hudson wrote:
> On Tue, Jan 16, 2018 at 07:29:18PM +0100, Carl-Daniel Hailfinger wrote:
>> [...]
>> At 34C3 I was told by someone that a major vendor has been shipping
>> servers with coreboot without announcing this, and I unfortunately
>> neither remember the server model nor who told me about this.
> 
> Hi, Carl-Daniel.  We chatted at CCC about LinuxBoot servers, which are
> somewhere in between.  The design uses the SEC and PEI portions of the
> vendor firmware to do CPU and memory bringup, then hands control to a
> Linux kernel as a replacement for the DXE phase.
> 
> There is an effort to support the Open Compute hardware with the
> LinuxBoot firmware, and the newer OCP nodes already come with OpenBMC.
> 
> 


- -- 
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEcBAEBAgAGBQJaX8ynAAoJEK+E3vEXDOFbrV4H/0bjJTDvo5TUDF0rw/33tSsh
ZWW01Khr5wFtBhT6A+W6TqEnEecIysqnj0bKWE+umZKVEwt+eHjJ+Lh93ltqLHxO
cP9M4y6JRYZqdOhmxFQaN6G06ak+MvppxMRkpUjw5Zv2Nm4c7Ie4yUlYMdQwDUFx
R6fqCW0HLE8W8GZa7uFLQC1Zlf9NENGbcYB/ZfsQVTiLcMHEP89FU7mixtflDDes
x1YNhm/vtf3BDylm27U63Yx1GV7ZI+rZMFw2ebh5IDiYVDFMoOc0QqsSpliiXgep
BuOt0802W+NIhQiC4ITQUJ+ea/rl8eYPsoqrxv33zuUI8vu2WtvRF/rbiMBiCk0=
=lSyy
-END PGP SIGNATURE-

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Trammell Hudson]

On Tue, Jan 16, 2018 at 07:29:18PM +0100, Carl-Daniel Hailfinger wrote:
> [...]
> At 34C3 I was told by someone that a major vendor has been shipping
> servers with coreboot without announcing this, and I unfortunately
> neither remember the server model nor who told me about this.

Hi, Carl-Daniel.  We chatted at CCC about LinuxBoot servers, which are
somewhere in between.  The design uses the SEC and PEI portions of the
vendor firmware to do CPU and memory bringup, then hands control to a
Linux kernel as a replacement for the DXE phase.

There is an effort to support the Open Compute hardware with the
LinuxBoot firmware, and the newer OCP nodes already come with OpenBMC.


-- 
Trammell

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Piotr Kubaj via coreboot]

There's no "pure coreboot" systems. You need some payload.

Also, while Talos is truly awesome, the OP asked about coreboot specifically 
and Talos doesn't run coreboot :)

At the moment, the best coreboot-supported server motherboard is ASUS KGPE-D16. 
You can also get libre BMC with OpenBMC port for it.

If you just want a libre motherboard, Talos is the best you can get.

On 18-01-17 12:00:01, coreboot-requ...@coreboot.org wrote:

Message: 2
Date: Tue, 16 Jan 2018 19:29:18 +0100
From: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2...@gmx.net>
To: Coreboot <coreboot@coreboot.org>
Subject: [coreboot] Server systems shipped with coreboot
Message-ID: <d5d6d8ee-77ee-4232-a89a-e5158140b...@gmx.net>
Content-Type: text/plain; charset=UTF-8

Hi,

does anyone have a list of server systems which are shipped with
coreboot? I'm interested in coreboot+UEFI systems, coreboot+Linux
systems, coreboot+SeaBIOS systems, pure coreboot systems.

At 34C3 I was told by someone that a major vendor has been shipping
servers with coreboot without announcing this, and I unfortunately
neither remember the server model nor who told me about this. If said
person could remind contact me, I'd be thankful.

Regards,
Carl-Daniel



--

Message: 3
Date: Wed, 17 Jan 2018 00:28:23 +0300
From: Mike Banon <mikeb...@gmail.com>
To: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2...@gmx.net>,
coreboot@coreboot.org
Subject: Re: [coreboot] Server systems shipped with coreboot
Message-ID:
<cak7947nvzptqehirzfpqpt_kqvferxzfnrppeb_ntvhegxs...@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"

Hi friend ! I just googled "coreboot servers" and found this:

https://store.vikings.net/the-server-1u , and
https://www.siliconmechanics.com/i7045/opteron-server.php
(Installation of coreboot is available with certain configurations;
contact Sales for details.)

And, of course, Talos II POWER9 servers which are already available
for pre-orders.
They are the future of libre server computing :
https://www.raptorcs.com/TALOSII/prerelease.php

So basically there are two options:
1) use one of a few coreboot-supported boards with AMD Opterons (which
are also a bit outdated)
you can even build such a server by yourself, just get the supported
hardware and flash coreboot to it
2) preorder Talos II and wait for shiny new server to come ;)

Mike


On Tue, Jan 16, 2018 at 9:29 PM, Carl-Daniel Hailfinger
<c-d.hailfinger.devel.2...@gmx.net> wrote:

Hi,

does anyone have a list of server systems which are shipped with
coreboot? I'm interested in coreboot+UEFI systems, coreboot+Linux
systems, coreboot+SeaBIOS systems, pure coreboot systems.

At 34C3 I was told by someone that a major vendor has been shipping
servers with coreboot without announcing this, and I unfortunately
neither remember the server model nor who told me about this. If said
person could remind contact me, I'd be thankful.

Regards,
Carl-Daniel

--
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot




--

Subject: Digest Footer

___
coreboot mailing list
coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

--

End of coreboot Digest, Vol 155, Issue 24
*

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



signature.asc
Description: PGP signature
-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] Server systems shipped with coreboot

[Mike Banon]

Hi friend ! I just googled "coreboot servers" and found this:

https://store.vikings.net/the-server-1u , and
https://www.siliconmechanics.com/i7045/opteron-server.php
(Installation of coreboot is available with certain configurations;
contact Sales for details.)

And, of course, Talos II POWER9 servers which are already available
for pre-orders.
They are the future of libre server computing :
https://www.raptorcs.com/TALOSII/prerelease.php

So basically there are two options:
1) use one of a few coreboot-supported boards with AMD Opterons (which
are also a bit outdated)
you can even build such a server by yourself, just get the supported
hardware and flash coreboot to it
2) preorder Talos II and wait for shiny new server to come ;)

Mike


On Tue, Jan 16, 2018 at 9:29 PM, Carl-Daniel Hailfinger
<c-d.hailfinger.devel.2...@gmx.net> wrote:
> Hi,
>
> does anyone have a list of server systems which are shipped with
> coreboot? I'm interested in coreboot+UEFI systems, coreboot+Linux
> systems, coreboot+SeaBIOS systems, pure coreboot systems.
>
> At 34C3 I was told by someone that a major vendor has been shipping
> servers with coreboot without announcing this, and I unfortunately
> neither remember the server model nor who told me about this. If said
> person could remind contact me, I'd be thankful.
>
> Regards,
> Carl-Daniel
>
> --
> coreboot mailing list: coreboot@coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

[coreboot] Server systems shipped with coreboot

[Carl-Daniel Hailfinger]

Hi,

does anyone have a list of server systems which are shipped with
coreboot? I'm interested in coreboot+UEFI systems, coreboot+Linux
systems, coreboot+SeaBIOS systems, pure coreboot systems.

At 34C3 I was told by someone that a major vendor has been shipping
servers with coreboot without announcing this, and I unfortunately
neither remember the server model nor who told me about this. If said
person could remind contact me, I'd be thankful.

Regards,
Carl-Daniel

-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot