[qubes-users] Re: coreboot on modern hardware?
On 3/23/19 3:03 PM, jrsmi...@gmail.com wrote: Spent several hours yesterday trying to track down what I would need to do to install coreboot on all of my computers, starting with my Qubes box: a Levnovo Thinkpad T480. The bottom line from what I can tell is that if you have an Intel CPU made since 2008 (any that have Boot Guard) or an AMD CPU made since 2013 (any that have PSP), you are out of luck. Libreboot spells this out in their docs. I'm not sure if that is because of coreboot itself or something specific to Libreboot. I was stuck by how they seemed perfectly fine walling themselves off from the present and the future. I could find nothing indicating that anyone had even tried, much less succeeded, in installing coreboot on a T480 and everything I did find was for much older hardware. I read through the coreboot docs where they just wave their hands at the end of the build process and say "now go flash". I also read through the heads docs, which say more or less the same thing. Hackaday has an article on the horrors of installing coreboot on a Toshiba laptop. Not only do they neglect to say which model they used, at the end of the article they had it working. The gist is that the information that's out there is out of date, incomplete, misleading, and sometimes just incompetent. I'm hoping that someone here has first-hand knowledge and can advise me (and others who read this). Thanks, John Smiley I don't think Libreboot is "fine with walling themselves off from the future", I just think they would rather not have a back door open that they cannot close. See: https://libreboot.org/faq.html#intel (scroll down for AMD) and https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it For myself, I also only use AMD CPUs prior to 2013. If this means I can't run Qubes 4, much as I would like to, I will have to take other security precautions, especially since I read that Joanna Rutkowska said that using IOMMU does not protect from this remote management attack. (Sorry I can't find that reference). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3c008fc0-316d-b34a-93c6-463c48d03272%40yandex.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: coreboot on modern hardware?
On Saturday, March 30, 2019 at 12:27:47 PM UTC-7, Chris Laprise wrote: > On 3/30/19 2:43 PM, seshu wrote: > > > In terms of open source hardware has any tried RISD V (https://riscv.org/ > > )? or have thoughts on its potential? They are not selling hardware, albiet > > it's pretty expensive, through the company Sifive > > (https://www.sifive.com/boards ) > > > > This has been an interesting forum thread to read, So, I was wondering what > > potential RISC V and SiFive offer? > > Sifive isn't interesting for PCs/laptops. IIRC it is the BOOM processor > project that is said to take RISC-V in that direction. > > -- > > Chris Laprise, tas...@posteo.net > https://github.com/tasket > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 After doing some more reading, I've fount that I was hasty to judgement in saying that the coreboot team had thrown up their hands in defeat at the limitations of modern hardware. As it turns out, the Docs are just horribly out of date. Looking at the release notes for the past few years shows that they have not only not given up, but have already made significant progress in adapting to changes in the hardware we live with. My apologies to the coreboot team for my mis-statement. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3ebed317-3f78-48bf-b860-25aeb250cc39%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: coreboot on modern hardware?
On 3/30/19 2:43 PM, seshu wrote: In terms of open source hardware has any tried RISD V (https://riscv.org/ )? or have thoughts on its potential? They are not selling hardware, albiet it's pretty expensive, through the company Sifive (https://www.sifive.com/boards ) This has been an interesting forum thread to read, So, I was wondering what potential RISC V and SiFive offer? Sifive isn't interesting for PCs/laptops. IIRC it is the BOOM processor project that is said to take RISC-V in that direction. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/73dff731-adef-1189-dd45-09f4fca3f58e%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: coreboot on modern hardware?
On Saturday, March 23, 2019 at 7:03:22 PM UTC, jrsm...@gmail.com wrote: > Spent several hours yesterday trying to track down what I would need to do to > install coreboot on all of my computers, starting with my Qubes box: a > Levnovo Thinkpad T480. > > The bottom line from what I can tell is that if you have an Intel CPU made > since 2008 (any that have Boot Guard) or an AMD CPU made since 2013 (any that > have PSP), you are out of luck. Libreboot spells this out in their docs. > I'm not sure if that is because of coreboot itself or something specific to > Libreboot. I was stuck by how they seemed perfectly fine walling themselves > off from the present and the future. > > I could find nothing indicating that anyone had even tried, much less > succeeded, in installing coreboot on a T480 and everything I did find was for > much older hardware. > > I read through the coreboot docs where they just wave their hands at the end > of the build process and say "now go flash". I also read through the heads > docs, which say more or less the same thing. > > Hackaday has an article on the horrors of installing coreboot on a Toshiba > laptop. Not only do they neglect to say which model they used, at the end of > the article they had it working. > > The gist is that the information that's out there is out of date, incomplete, > misleading, and sometimes just incompetent. > > I'm hoping that someone here has first-hand knowledge and can advise me (and > others who read this). > > Thanks, > John Smiley In terms of open source hardware has any tried RISD V (https://riscv.org/ )? or have thoughts on its potential? They are not selling hardware, albiet it's pretty expensive, through the company Sifive (https://www.sifive.com/boards ) This has been an interesting forum thread to read, So, I was wondering what potential RISC V and SiFive offer? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3ff57e8d-beed-4c70-8284-7b80a170fefb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
