Intel ME vs Non Libre Kernel
I have a friend who is looking to get more privacy out of his computing. His only major stipulation is wanting Vulkan support for Liblast and Veloren. I have a couple systems I could give to him for free as he doesn't have much of a budget right now. One has an i7-6700 with an HD 530 GPU and could use the Libre kernel and Trisquel but would have an active ME with no neutering at all. The other system has an FX-8350 and an RX 590 which means no Intel ME or AMD PSP but it can't properly run the Libre kernel due to the RX 590. So what is the lesser evil here ? Libre kernel and Trisquel with a fully active Intel ME or no PSP/ME but no libre kernel.
This seems a false dilemma. The person ends up with proprietary software in one way or other so all outcomes are bad. I recommend to go with Door #3: Libreboot! And Trisquel.
But if you must, at least swap out the video card for something else so that the machine without the ME can also use Linux-libre.
This isn't a false dilemma but a real world choice. In the real world one must make hard choices sometimes. People have needs and simply giving them a third option that satisfies a utopian ideal but not their real world n eeds is solving nothing.
You end up with proprietary software even with a Libreboot system since even it has closed source firmware on various parts. Libreboot limits your use of proprietary software but doesn't make it zero. There is also no Libreboot system that supports Vulkan that I know of so right of the bat you have failed to take into account this person's needs. I also can't swap out the GPU because Nouveau doesn't have Vulkan support yet and possibly never will. The only ways to get Vulkan support is an Intel GPU that is HD 500 series or newer which means Intel ME or use an AMD GPU that is RX series or newer which means no libre kernel.
You need to start to realize that your needs are not everyone's needs and simply saying the magic words of Libreboot doesn't solve many people's issues or properly answer questions. There are plenty of people out there who are trying to use FOSS software that can't be confined to a Libreboot system.
Thanks for reminding us of the trade-offs that software freedom currently requires us to make, at least those of us who prioritize it. Also, thanks for suggesting options to navigate the nonfree software minefield. Let us not forget that this is the very purpose of this forum.
You are thanking a person who has unleashed an army of Freedo monsters on the world.
Yes. There can be no light without the dark and so it is with free software. Look at all these abusive down votes. The pathetic creatures who are doing that are here, among us, in this very room. The horrific element in it is that they cannot escape. Sooner or later the freedies are going to be upon them and do their job.
Myself, I've always strived to live within the light and look away.
I'm sorry. :(
Should I remove them? I thought they were cute.
Oh no, don't remove them. They are quite adorable, you did well.
I have a friend who is looking to get more privacy out of his computing. His only major stipulation is wanting Vulkan support for Liblast and Veloren.
Privacy for gaming or for other things? If for other things, I'd suggest using two computers, one for gaming and one for other things.
Libre kernel and Trisquel with a fully active Intel ME or no PSP/ME but no libre kernel.
My choice would be libre kernel and trisquel as it avoids getting invitations to use non-free software that will most likely come with the OS running on the other system, so it helps getting familiar with a free software environment even though there is the non-free bootloader. It is also easier if using two computers that they are using the same distro.
I've noticed that the Linux-libre kernel does not load the Intel ME kernel module, unlike kernels such as the Debian kernel. I don't know how Intel ME works - does it require the kernel module in order to be completely effective? Could you unplug the ethernet cable on that machine during bootup until the Linux-libre kernel takes over, and/or use a hardware firewall to ensure that the ME is unable to communicate on any unapproved ports?
This wouldn't solve the non-free aspect, but could potentially mitigate any damage done by Intel ME being active.
I believe I would choose for my friend the same as I would choose for myself.