On 10/08/2017 06:44 AM, One7two99 wrote:
Hello Taiidan,
There isn't any reason to buy purism's faux
libre laptops instead of say
a Lenovo G505S ...
I don't understand why this topic is often discussed to emotionally.
As far as I know the G505s is a big laptop (15inch?) which seems also located at the
entry class (compared to the "Thinkpad class").
The performance is about the same as an ivy bridge class laptop (X230),
the downsides being the build quality is not as good and there is no
dock or second battery option.
Don't get me wrong I think most "older" are perfectly fine, that why I am
suggesting looking at a x230 or similar.
A good thing with Purism Laptop line is, that it shows that there is a market for laptops
that seem to look like they are more "free" than others - if the company fools
people here, you are right this is bad - but this is also a chance for others to make it
better.
More competition is always good :-)
If it was a bigger market I would agree with you, however in such a
small market they simply suck resources from better projects.
And maybe some users just want to buy a new "shiny" machine and not a 4y old
laptop.
Then they should buy a dell
Maybe even for the "strange" reason that it just looks more sexy or that they
need certain interfaces, a specific display resolution ... Whatever.
Looking at my company it would not be possible to buy a used machine without
hardware replacement as all laptop are covered with on-site service.
That's why I'm using the X230 as BYOD device.
which is actually owner controlled (open
source hw init coreboot), supports qubes
4.0 and doesn't have a black box supervisor
processor (ME/PSP)
If I understand you correctly you're saying that the blob which contains Intel
AMT/ME is not modified in Purisms laptop line?
It is modified by me_cleaner but as I said before one can do this on
pretty much any laptop without boot guard (or cross vendor cpu swap to
disable BG) and save the additional thousand dollars you would have
spent on a purism laptop over a dell (I like dell because of the
"ProSupport" US tech support option on their business lines) -
additionally if Intel had a backdoor in ME they would include it in FSP
as well making purism's "coreboot" quite pointless
me cleaner only would effect generic ME exploits not the hypothetical
intel backdoor which could easily be included in the initial modules,
hardware mask ROM or hidden EEPROM.
As far as I know it is possible (at least for the laptop I am using an also
others) to use ME_cleaner which will cripple the AMT Blob so that the risk that
anything bad is running there is reduced.
Yeah I did it on my X230 and it works great, but me is simply nerfed not
disabled - a laptop without it is much better.
Take a look at this post:
https://puri.sm/posts/neutralizing-intel-management-engine-on-librem-laptops/
"(...) Of those 23 modules, 21 modules are completely removed from the ME partition,
and we leave only 2 modules: ROMP and BUP. The ROMP module is a “ROM bypass” module which
is used to bypass the ROM initialization code and it’s less than 1KB of code, used to
load the BUP module and execute it. The BUP module is a 116KB module which is used to
initialize the ME hardware. (...)"
So this would still be a (bit more) reasonable secure laptop.
Of course, but at that point you might as well just skip the middleman
and go buy a laptop from a chinese whitebox seller like they did - then
run ME cleaner yourself (and donate the money you saved to the people
who made me_cleaner)
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/158fc220-d2ec-962a-f16e-03d3c9c1ffc0%40gmx.com.
For more options, visit https://groups.google.com/d/optout.
