Does this mean Librem 15 can be Librebooted?

gd_scania
Joined: 09/13/2017

https://puri.sm/posts/pioneering-cpu-efforts-to-liberate-laptop-hardware
> Purism’s Librem 15 will ship with an Intel CPU fused to run unsigned BIOS code, allowing a future where free software can replace the nonfree, digitally signed, BIOS binaries.

So, under the Libreboot manual it still says Librem laptops are "nowhere" to be Librebooted. How many years has this been outdated?

nadebula.1984
Joined: 05/01/2018

If "fused to run unsigned BIOS" means that it doesn't have Boot Guard, then it's theoretically possible.

tonlee
Joined: 09/08/2014

> Librem 15 can be Librebooted?

https://trisquel.info/en/forum/librem-15-freelibre-and-open-source-laptop-respects-your-essential-freedoms

No, the notebook will not become librebooted. No new intel or amd
cpu can become librebooted. It is commonly accepted the encryption running the authentication of software on the cpu is that strong
you cannot break it.
In two cases you can get libreboot on a new intel cpu:
Intel gives you the private key. Which they are not going to.
Someone finds an error in the cpu which lets you put your
own software on the cpu.

To me librem's crowd funding was misleading. Had librem
asked libreboot or coreboot they would have known.

onpon4
Joined: 05/30/2012

No.

https://libreboot.org/faq.html#will-the-purism-laptops-be-supported

I don't know much about this stuff, but a contributor to Coreboot once posted that "fused to run unsigned BIOS" does indeed refer to Intel Boot Guard, and claimed that this is not a very significant achievement because you can avoid the Intel Boot Guard just by building a PC using parts that can't possibly have it enabled.

freemedia
Joined: 09/14/2018

"you can avoid the Intel Boot Guard just by building a PC using parts that can't possibly have it enabled."

id rather have a source on this than a source on the stallman quote (which can probably be obtained from a single email to rms-- he can also refute it if necessary.)

not because im sceptical, but because it sounds like the sort of information everyone should have. probably wont help laptops much.

onpon4
Joined: 05/30/2012

freemedia
Joined: 09/14/2018

no no, thanks very much. thats fantastic information.

chaosmonk
Joined: 07/07/2017

"Commenting on this boon to user freedom, Dr. Richard M. Stallman, president of the Free Software Foundation (FSF), states,

"'Getting rid of the signature checking is an important step. While it doesn’t give us free code for the firmware, it means that users will really have control of the firmware once we get free code for it.'"

I can't find the source of RMS quote. Searching for it just gives me a bunch of articles referencing the Purism post. I would like to see the original context and whether RMS was really talking about Purism the way the use of this quote seems to imply.

freemedia
Joined: 09/14/2018

good reason to send a question to rms at the well-known address. everyone probably knows it (i know you do) but i dont want to feed any harvesters with additional plaintext.

also an exception like that might encourage others that are more problematic. im sure his particular email is in plaintext all over the web.

gd_scania
Joined: 09/13/2017

If you can't find the source then RMS and Purism should have privately and unofficially liaised with any others. This yet needs observations to be proved as true.

freemedia
Joined: 09/14/2018

well at any rate i sent the email to rms.

SuperTramp83
Joined: 10/31/2014

>I can't find the source of RMS quote.

probably coz there is no.. you know.. librem..

freemedia
Joined: 09/14/2018

i heard from rms, who says he thinks he wrote it. i gave him the context:

perhaps you could say if this is correctly attributed to you or not.

at the trisquel forum, some people are trying to find a source for this quote from the purism site at this url: https://puri.sm/posts/pioneering-cpu-efforts-to-liberate-laptop-hardware/

and the quote: “Getting rid of the signature checking is an important step. While it doesn’t give us free code for the firmware, it means that users will really have control of the firmware once we get free code for it.”

his reply did not include any clarification on whether it was taken out of context or not. he didnt comment on that, he simply thinks he wrote it.

tonlee
Joined: 09/08/2014

> I can't find the source

https://www.crowdsupply.com/purism/librem-15

> RMS was really talking about Purism

If people overrate RMS's level of knowledge.
I have asked RMS a hardware related question.
His answer was odd. Therefore I wrote a further
email asking him to clarify. In his next email
he said, he did not know about the matter
and had asked for advice. Either his advisers
were not very knowledgeable or RMS did not
understand completely what they
told him.

I have no documentation. I think the same thing happened
about the purism notebook.

freemedia
Joined: 09/14/2018

rms leans on facts whenever possible, even if they dont seem to provide the entire story.

does getting rid of signature checking provide free code? if not, that statement was correct.

does it mean users will have control of the firmware when free code is available? if so, that too was correct.

if those are both true, then getting rid of the checking probably is an important first step.

code still needs to be written, but (unlike a lot of modern models) this model will accept it. if any of those statements are incorrect, its worth saying so. but which are?

here are two newer blog posts (may 2017 and feb 2018) which seem to show progress (or backpedaling) from the 2014 post. they are less generalised, so may not seem relevant at first:

this one from february about iommu support and tpm (yes, tpm) for support of qubes 4.0: https://puri.sm/posts/qubes4-fully-working-on-librem-laptops/ "we have added IOMMU and TPM support to our new coreboot 4.7 BIOS"

_

tip if you think you bricked your librem: someone did a major install and the power led was shutting off shortly after turning on, the (successful) fix was to leave it unplugged from ac overnight.

_

may 2017: https://puri.sm/posts/reverse-engineering-the-intel-management-engine-romp-module/ "The first thing I wanted to try and reverse was the ROMP module. It is one of the two modules that me_cleaner doesn’t remove, and given how small it is (less than 1KB of code+data), I thought it would be a good starting point. Turns out my hunch was right, as I finished reverse engineering that module after only a couple of days."

tonlee
Joined: 09/08/2014

> rms leans on facts whenever possible, even if they dont seem to provide the entire story.

This displays the infatuation some people have about RMS.

Likely RMS said what he said being misinformed or uninformed.
Then libreboot cannot be right. RMS should have asked
libreboot before saying anything about purism.

> does getting rid of signature checking provide free code? if not, that statement was correct.

> does it mean users will have control of the firmware when free code is available? if so, that too was correct.

> if those are both true, then getting rid of the checking probably is an important first step.

You made your own version of
https://en.wikipedia.org/wiki/Zeno's_paradoxes#Achilles_and_the_tortoise

If you want to install software on the intel cpu it has to be
verified by a key. The key is designed into the cpu. Only
pieces of software which is signed by the private key
will be verified and installed on the cpu. Intel has
the private key. Probably nobody else has it.
You have not said anything wrong, nor has RMS but you
cannot remove the verification key.

The intel management engine can likely take over the computer
in any way it wants to. Nsa cannot accept such an option on
their computers. According to snowden's papers nsa can
disable the me. Maybe the me is the only backdoor on the
cpus because there are no snowden papers telling about
other cpu backdoors? We do not know.

> this one from february about iommu support and tpm

Explain how is this relevant?
There is no reason to believe a backdoor in the
cpu cannot take control over a qubes
computer.

> may 2017: https://puri.sm/posts/reverse-engineering-the-intel-management-engine-romp-module/

Any piece of software on the cpu can contain a back
door. People say not all the cpu software can get
reverse engineered.

freemedia
Joined: 09/14/2018

> This displays the infatuation some people have about RMS.

no, this is just ad hom. i said what i said about facts not because im in love with a person, i said it to make a point. rms was making statements of fact, and if any of those facts are demonstrably wrong then people criticising him have a point--

so far, none of the factual statements are being refuted. im not asking for "proof" here, just evidence that hes wrong-- not vague assertions, which is all that was provided against him. now ad hom. can we please have some substance?

> Likely RMS said what he said being misinformed or uninformed.

this is an assertion. all i was asking for was a few details to back it up. then we could compare your details with his statement. otherwise, youre only saying "hes wrong" and what are we supposed to do with that?

"Then libreboot cannot be right."

this is the same assertion with different wording.

"RMS should have asked libreboot before saying anything about purism."

you are trying to make a point by repeating it three times in a slightly different way. would you please tell us why any of the three statements rms made were wrong, instead of implying that we are simply biased because of personal feelings?

if you say someone is wrong, its reasonable to ask for more information-- that was the main point that was made in my response.

> You made your own version of
> https://en.wikipedia.org/wiki/Zeno's_paradoxes#Achilles_and_the_tortoise

no, i didnt make anything-- i was simply separating his statement into three parts and asking you about them individually, to counter your vague (and factless, though in the next paragraph you finally answer my request-- the point about being infatuated was unnecessary) general assertion.

_

"If you want to install software on the intel cpu it has to be
verified by a key. The key is designed into the cpu. Only
pieces of software which is signed by the private key
will be verified and installed on the cpu. Intel has
the private key. Probably nobody else has it.
You have not said anything wrong, nor has RMS but you
cannot remove the verification key."

now we get to facts, thank you. thats all i was saying before.

you cant remove the key, but as we have talked about in this thread, the chip can be fused to run unsigned code. thats what purism is doing-- requesting such chips.

"The intel management engine can likely take over the computer
in any way it wants to. Nsa cannot accept such an option on
their computers. According to snowden's papers nsa can
disable the me. Maybe the me is the only backdoor on the
cpus because there are no snowden papers telling about
other cpu backdoors? We do not know."

i completely agree with this.

_

> this one from february about iommu support and tpm

> Explain how is this relevant?
> There is no reason to believe a backdoor in the
> cpu cannot take control over a qubes
> computer.

how it is relevant to the thread? it is a response to the numerous people saying nothing has changed since 2014. my response was to point to two more recent posts (from the same official blog) that talk about changes in the firmware, including reverse engineering of part of the me that is not cleaned by me cleaner.

sounds like progress to me-- though im not trying to prove that is, just hand the thread part of a requested update. those who wanted an update can decide for themselves if this is progress or not-- i only thought it was a possibility since it involves recent research into previously-unmitigated features of the me.

"Any piece of software on the cpu can contain a back
door. People say not all the cpu software can get
reverse engineered."

i am aware of this. the problem is, that this is true of any modern cpu-- any modern cpu can have a backdoor.

until we have cpu chips of our own design (and for that matter, fabrication) this is about current best practices, perfection (and trust) are unobtainable at this time.

completely 100% unobtainable. we can only address the "known knowns" and the "known unknowns" and try to uncover more.

there are exactly 0 chips we can completely trust. since this is a common chip, since this thread is not about other chips, my replies are about work puri.sm is doing to make progress in this area. i consider that an important subject.

and after all, thats the topic of this thread. now, what was your point again?

i am having particular trouble with these two statements you made in the same post:

earlier you say: "Likely RMS said what he said being misinformed or uninformed." <-

later on you say: "You have not said anything wrong, nor has RMS" <-

as much as i hate things being out of context, i cant find anything in your post to resolve the apparent contradiction between those two statements.

then you say: "but you cannot remove the verification key."

when no one claimed it was removed-- only checking the bios against it is disabled by a fused circuit. as un-fond as i am of this sort of design, i am only rating it against other options that we actually know exist. apart from using older hardware (which could become unavailable or scarce) this seems to be the best option at the moment for new hardware. pretty relevant if anybody buys new hardware, or if the fsf is promoting any new hardware.

no one seems to be saying more than that-- in fact, not everyone seems to accept even that much for certain. i am not convinced either. but "you cannot remove the verification key" sounds more like an unexpected change of subject. there seems to be progress (beyond using me cleaner) without removing the key. or isnt there?

tonlee
Joined: 09/08/2014

> no, this is just ad hom.

I should not have talked about infatuation regarding you. I did not see you are a new
member of the forum. I thought you knew about the
https://trisquel.info/en/forum/librem-15-freelibre-and-open-source-laptop-respects-your-essential-freedoms
posts.

> youre only saying "hes wrong"

Read
https://trisquel.info/en/forum/librem-15-freelibre-and-open-source-laptop-respects-your-essential-freedoms

> Then libreboot cannot be right.

That was ironic. Libreboot is the capacity about this field. If RMS thinks he knows better
he has to provide documentation.

> to resolve the apparent contradiction between those two statements.

If a person says if I jump 50 yards then I win the olympics, then what he says is
right. It is irrelevant because he is not going to jump 50 yards.
If RMS says if a fused x86 intel cpu enables installing unsigned bioses
and we get the source software firmware then the user will control the firmware
then it is correct. But it cannot be done because no one can get round the
verification.
Has purism documented a running fused x86 intel cpu?
I wrote RMS telling him the “Getting rid of the signature checking is an important step. While it doesn’t give us free code for the firmware, it means that users will really have control of the firmware once we get free code for it.” statement was a mistake. Because people would
think a fused x86 intel cpu is an option.
If someone tells you you made a mistake, you either acknowledge the mistake or you
rebut. RMS graciously held off from the librem notebook in his next email.

> now we get to facts, thank you. thats all i was saying before.

I did mention verification in my previous post.
I did not explain further because I assumed you knew about it.

> apart from using older hardware (which could become unavailable or scarce) this seems to be the best option

Is what you want to know if librem's activities provide more secure computers assuming free
software is more secure?

If you think free software is more secure then debian main and trisquel are more secure than
ubuntu because ubuntu contains non free software. And it is difficult to tell if non free
software does something you do not want. Even if librem gets able to run more
free software you cannot tell if the librem get more secure. Because the backdoors can
be located in the non free parts of the software
https://puri.sm/learn/software-freedom-in-perspective/
This diagram is very misleading. It purports that a higher percentage of free software results
in a more secure computer. It is an erroneous conclusion.

> only checking the bios against it is disabled by a fused circuit. as un-fond as i am of this sort of design

I doubt it.

> which could become unavailable or scarce

That should not stop you from staying critical if someone claims he can turn a current intel cpu
free software.

> best option

On
https://trisquel.info/en/forum/librem-15-freelibre-and-open-source-laptop-respects-your-essential-freedoms
it says any other intel computer is probably not worse in terms of the cpu.

> sounds more like an unexpected change of subject. there seems to be progress (beyond using me cleaner) without removing the key. or isnt there?

If you read
https://trisquel.info/en/forum/librem-15-freelibre-and-open-source-laptop-respects-your-essential-freedoms
and knew about the persons writing the posts you would not have written what you have.

freemedia
Joined: 09/14/2018

i seem to have misread a few parts of your post before, taking them seriously when you didnt intend all of them that way.

im not sure about the other forum thread, which i dont believe ive read, but i intend to.

but no, i really dont like fused circuits in cpus. i like if they use them for something good, but altogether i think its a pretty bad idea to end up with different chips which the user may not even want just based on an irreversible post-production alteration thats built in by design. sounds like a pretty bad idea-- practical for them, not ideal for anybody else. all to turn off features that are bad and shouldnt be on there either way. just dont add the features.

chaosmonk
Joined: 07/07/2017

> https://puri.sm/learn/software-freedom-in-perspective/
> This diagram is very misleading. It purports that a higher percentage of free software results
> in a more secure computer. It is an erroneous conclusion.

Yes, you can increase or decrease the percentage of free software by installing or removing free packages, but that would not make the EC firmware or Coreboot's proprietary blobs any more or less of a security risk.

That's also why I avoid referring to Coreboot as "mostly free." The proprietary blobs might make up a small percentage of Coreboot's code, but they could be very important compared to other parts of the code. If the developer of a firmware blob has obfuscated the code to prevent anyone from exercising freedoms 1 and 3, it seems unlikely that the code does something mundane.

freeatlast
Joined: 07/21/2018

the librem products have coreboot instead of libreboot but purism is not respects your freedom certified yet, though they plan on working on being certified

https://puri.sm/learn/freedom-roadmap/

onpon4
Joined: 05/30/2012

That page has remained almost entirely unchanged since they first published it more than three years ago. This is an archive of an older revision of the page from 2015:

https://archive.is/HBDm3

freemedia
Joined: 09/14/2018

sort of an arbitrary place to reply to this, but somewhat relevant. i asked support for an update, they said:

"Browse through our news blog for a timeline and check the page here: https://puri.sm/coreboot.

In short: we disabled and neutralized the Intel ME, coreboot contains Intel FSP (memory initialization) and video binaries."

so there is the official response from puri.sm if youre curious. to be honest, i can understand the scepticism though at the same time, i find all of this pretty interesting. if i had the kind of money that afforded me a lemote back when, id consider a librem.

thats mostly hypothetical, i spent less than $120 for my most recent laptop purchase. its nice if we gain a reasonable option for new hardware as well as the existing (older) solutions we have. the email from rms didnt explicitly defend them, though i felt it was implied, its possible i read too much into it. as for "good enough" i dont think we are going to reach that any day soon. who is making the most progress? im not calling these guys the winner, im just keeping them in the race. they dont call it "hardware" for nothing, its never easy is it? unless it costs a lot.

onpon4
Joined: 05/30/2012

If you buy a Librem laptop, you're buying a system that will always run proprietary software (the Intel ME firmware, which is not removed*), but is slightly better than what you find at most stores because much of the Intel ME's capability has been removed. If we refer to Jason's "Titanic" analogy, this is really the equivalent of playing music out on the dock to keep the evacuees from panicking or being too uncomfortable. Not a waste of effort by any means, but not a solution either.

* What Purism means by "disabled and neutralized", when talking about the ME, is that they applied the me_cleaner script, which takes advantage of a quirk in the signature checking allowing it to remove parts of the ME firmware which are not essential to the boot process, and cause it to shut off after booting is completed. That proprietary software is still being run. You can take a look at the script yourself here:

https://github.com/corna/me_cleaner

freemedia
Joined: 09/14/2018

> If we refer to Jason's "Titanic" analogy, this is really the equivalent of playing music out on the dock to keep the evacuees from panicking or being too uncomfortable. Not a waste of effort by any means, but not a solution either.

except the links i posted went beyond running me cleaner, into doing research on parts of the me that it doesnt even do anything with.

i have used a lot of old computers. i can more or less assure you that trisquel 8 would not run very nicely on any of them. this isnt a diss on trisquel-- my own stripped down os (including the stripped down trisquel) wouldnt run very nicely on any of them either (and ive run it on a p4 with half a gig of ram.) i mean, if you go back far enough that theres no me and none of its predecessor either, we are looking at what, older amd?

tell me what computers (other than the ones already on the ryf list, just because i know that list already) do not "always run proprietary software." libreboot already lists them, right?

i like jasons argument, though at least tell me which ships are not headed for giant icebergs. because it seems like the only ones that arent move very slowly and are continuing to age. we will need new ships eventually, great if we dont need them now.

and im not saying "choose librem" over something better.

im saying if nothings better, at least theyre doing new freedom-related research: https://puri.sm/posts/reverse-engineering-the-intel-management-engine-romp-module/

this seems like exactly the stuff we should be learning, whether we use librem or not. is this really just marketing, or are they doing a good thing?

other than the existing ryf list-- whats better? note there is a related thread on this forum where they ask why all the freedom-respecting stuff is "so aging." im all for research into the newer stuff, even if it hasnt created ideal results yet-- one more time, what has? id be keen to know not just for rhetorical reasons, but for the sake of determining future purchases.

i also feel like librem isnt being given enough credit, but im totally with you on "this by itself isnt good enough." is arm somehow better? every arm device ive touched was locked down and had proprietary components and probably wasnt too secure against state intrusion. even the bunny laptop doesnt seem like more than a partial step forward. like librem.

whats better? the computer im using now hasnt had me cleaner run on it. so thats not better. every time i ask, someone instead tells me something that i already read in this thread or another related (recently updated) thread on this forum. thats cool-- but i am still asking. i would love to support something better than librem. what are my options? not only have i read jasons piece, i link to it from (the front page of) the free media website.

onpon4
Joined: 05/30/2012

> except the links i posted went beyond running me cleaner, into doing research on parts of the me that it doesnt even do anything with.

I would think Purism would contribute its findings upstream to me_cleaner. That would make the most sense, no?

Regardless of what kind of reverse-engineering and cracking Purism might (have) come up with, the Intel ME proprietary firmware is always going to run. Always. All that can be done is to reduce the capability of that firmware, or to exploit vulnerabilities to run arbitrary extra code. You're not ever going to be in a situation where the proprietary Intel ME firmware is removed entirely from these machines, and you're almost certainly never going to end up in a situation where you can replace it with libre firmware.

> i have used a lot of old computers. i can more or less assure you that trisquel 8 would not run very nicely on any of them. this isnt a diss on trisquel-- my own stripped down os (including the stripped down trisquel) wouldnt run very nicely on any of them either (and ive run it on a p4 with half a gig of ram.)

Based on what? "Nicely" how? "Stripped down" how?

> tell me what computers (other than the ones already on the ryf list, just because i know that list already) do not "always run proprietary software." libreboot already lists them, right?

Lots of ARM SoCs will run without any proprietary software, albeit without graphical hardware acceleration. In fact many ARM devices come with a libre bootloader (Das U-Boot) by default. Also MIPS, and then of course there's the TALOS products and RISC-V. It's only x86 that's fatally flawed as far as I know.

> every arm device ive touched was locked down and had proprietary components and probably wasnt too secure against state intrusion.

Like I said, many ARM SoCs will run without any proprietary software, just with reduced capability. The Pyra should be one example, and the EOMA68-A20 computer card is another. There's even a Chromebook, the C201, which will work without any proprietary software and with minimal modifications (just install a libre OS, add a USB WiFi adapter, and you're good to go).

> what are my options?

Right now? The fastest option right now would be those old ThinkPads. But there's also the Chromebook C201, for example, if you install a libre OS on it.

For the near future, hopefully EOMA68 setups should become a realistic option reasonably soon, and that would provide a clear and easy upgrade path if it becomes successful. There's also the DragonBox Pyra if you install a libre OS on it.

And if you insist on using very fast x86 hardware at the cost of running proprietary bootloader code, Think Penguin is just about as good as Purism.

freemedia
Joined: 09/14/2018

> Lots of ARM SoCs will run without any proprietary software, albeit without graphical hardware acceleration. In fact many ARM devices come with a libre bootloader (Das U-Boot) by default. Also MIPS, and then of course there's the TALOS products and RISC-V. It's only x86 that's fatally flawed as far as I know.

> Like I said, many ARM SoCs will run without any proprietary software, just with reduced capability. The Pyra should be one example, and the EOMA68-A20 computer card is another. There's even a Chromebook, the C201, which will work without any proprietary software and with minimal modifications (just install a libre OS, add a USB WiFi adapter, and you're good to go).

> Right now? The fastest option right now would be those old ThinkPads. But there's also the Chromebook C201, for example, if you install a libre OS on it.

> For the near future, hopefully EOMA68 setups should become a realistic option reasonably soon, and that would provide a clear and easy upgrade path if it becomes successful.

> There's also the DragonBox Pyra if you install a libre OS on it.

thank you, thank you, thank you.

this is what i was looking for. i know the thinkpads are on the ryf list, either the ryf list has gotten a lot longer lately or this stuff isnt on it.

now i understand why everyone is adamant about this. its not the concept i was having trouble with-- i was looking for the context. cheers.

i also spend a lot of time remixing operating systems and running them in qemu. the goal isnt to get them to run in qemu of course, but real hardware. but id rather restart qemu countless times than reboot an entire machine while working.

to some extent, i think i can also do this with other platforms. i dont always rely on chroot, but ive never tried using it cross-platform. i didnt even know that was possible until i looked it up just now.

id love a list of which of these machines match with which systems are in qemu-- i will probably make that list myself, i suppose it only requires getting the os and finding which qemu system runs it.

because i do a lot of this in qemu, i could get started before i actually have these machines. right now, targeting multiple platforms isnt a goal. im certain, based on what im reading, that targeting non-x86 eventually will be.