vPro technology and thinkpads

mguasch

Joined: 09/25/2013

Hi all,

I'd like to ask you guys if you knew a bit about this vPro technology as
a possible method of remote control. I've always thought that ThinkPads
were great for GNU/Linux, aside from the Intel wireless card, and just
now it dawned upon me that most of them have vPro technologies, which is
a method of remote control implanted on your CPU.

Thing is, I don't know much about how it works, and whatever information
I've found is either too vague or purely marketing-oriented.

Do you guys/gals know anything about this?

dadix
Joined: 07/01/2013
mguasch

Joined: 09/25/2013

On 09/29/2013 01:00 PM, name at domain wrote:
> vpro in action:
> https://www.youtube.com/watch?v=Xq-mHC9JYwY
>
Incredible... This is really saddening.

Does this "only" work on Windows? What about account privileges in
GNU/Linux? How does it know exactly which computer to connect to? Does
the "client" have a certain address to access it?

On another note, I know anything with TXT and vPro is just a nightmare
regarding privacy. So one would need to get a processor which doesn't
have these "features", for example the i5-3210M
(http://ark.intel.com/products/67355/Intel-Core-i5-3210M-Processor-%283M-Cache-up-to-3_10-GHz-rPGA).

I would LOVE to order a laptop from ThinkPenguin, but I'm in Europe,
which means +300-400 euros in shipping & handling, taxes, etc.

The only other laptop I've seen that includes a similar chip without
these "features" is the L430. Any experiences installing Trisquel
(linux-libre kernel without proprietary software, binary blobs, etc.) on
that one?

mguasch

Joined: 09/25/2013

What really impresses me is that people complain a lot about Apple, me
being the first. But still, look at the processor the MacBook Airs are
using: i5-4250u - no vPro, no TXT


lembas
Joined: 05/13/2010

> Does this "only" work on Windows?

No, they say it's OS independent.

Chris

Joined: 04/23/2011

This is wrong. It's a misconception about duties and taxes. Taxes are paid regardless of if the laptop is imported by a business and then sold or imported by a customer for personal use. The only difference is going to be when those taxes are paid. I.e., you pay them to the local shop or you pay them when the laptop is delivered. Don't let fear of taxes stop you because it would be a mistake. Now you might argue it costs about $50 more because of increased shipping costs over a local purchase (at least for Northern/Western Europe). However the prices in Europe are generally higher and particularly those of systems purchased truly locally. You also should keep in mind that a consumer machine purchased locally will definitely be less expensive than a business machine purchased locally or from outside the country. Just comparing the specs is going to give you a very misleading perception of what you're getting for your money. There are other factors as well, such as height and weight of the machine.

In the United States we have a major store called Walmart. The company aims to be the cheapest. Everything is sold at very low margins. However what they don't tell you is that the products are largely so cheap because they have forced companies to reduce the price (to Walmart/for Walmart) to below a point in which it would be profitable. If a company doesn't do this Walmart will go elsewhere and because Walmart is such a significant part of the market companies literally can't afford not to comply. The result is Walmart products (even those seemingly identical to products purchased elsewhere) are cheap- and when I say cheap- I mean garbage. Lower quality plastics, substitute chemicals, underrated wiring, refurbished parts inside “new” machines, etc. These are the kinds of things companies do in order to make a profit on a product that otherwise would be unprofitable.

What I'm trying to say is it can be a significant mistake to try and compare solely based on advertised prices/specs (and other factors). This is particularly true when most companies (and ThinkPenguin is no exception here) fail to advertise what's actually inside (we should fix it, and maybe we will, feel free to send an encouraging email for us to do so). And by that I mean we aren't listing what drives are being used (they are new, and of better quality, performance, etc for most of the options, anything above 80GB, 80GB is new, although I wouldn't call it great or even good performance wise).

The reason you probably should avoid Lenovo is because they have digital restrictions in the BIOS. This will prevent you from swapping a wifi card dependent on non-free software to one that is not dependent on non-free software. The other thing to watch out for (not the only thing really, but it'll definitely save you energy) is the graphics. Avoid ATI/AMD graphics. They both are dependent on non-free software.

Also note that HP, Toshiba, Dell, probably Sony, and Apple all have proprietary parts and/or digital restrictions in some or all machines now. I think most other companies are pretty safe in this regard still.

None of that means you won't run into problems either. Just that it's good advice to reduce the likelihood of running into problems. All in all there is still a high likelihood if you ask me of running into problems. Frequently there are issues with wifi on/off switches (ie permanently off, so wifi doesn't work regardless of the chipset) amongst other issues (like lack of power management support).

blackomegarey
Joined: 05/23/2013

On Sun, 2013-09-29 at 13:00 +0200, name at domain wrote:
> vpro in action:
> https://www.youtube.com/watch?v=Xq-mHC9JYwY

Wow, it can even access BIOS!

trisq

Joined: 09/03/2013

More on vPro. Excellent article from 2008, has quite a few specifics.

https://trisquel.info/en/forum/secret-3g-intel-chip-gives-snoops-backdoor-pc-access#comment-43317

Also, Intel Anti-Theft doesn't need vPro to work as far as I know. One of the links has a list of ThinkPads which contain anti-theft features.

https://trisquel.info/en/forum/secret-3g-intel-chip-gives-snoops-backdoor-pc-access#comment-43212

EDIT: corrected 2nd link

oralfloss
Joined: 06/20/2013

Luckily for free software users, vPro can be avoided by removing the built-in WLAN card, which requires proprietary firmware anyways. Unless there is a backdoor built in to a backdoor, this is likely the easiest/only way to fix a problem like this.

Check out:
https://en.wikipedia.org/wiki/Intel_vPro#vPro_hardware_requirements

According to this, vPro can only function with certain WLAN cards. As long as the WLAN card is COMPLETELY OUT of your computer, they should not be able to access it remotely.

For info on removing it, see:
http://support.lenovo.com/en_US/product-and-parts/detail.page?&LegacyDocID=MIGR-72544

You can buy alternative WLAN cards, which have free chipsets, from Amazon or ThinkPenguin. They can go in both the USB port and/or the WLAN card slot.

Chris

Joined: 04/23/2011

I'm pretty confident vPro & TXT are also dependent on a GSM module being installed in the machine. I was reading up on it somewhere that the way it works is via SMS and not TCP/IP. So I think there may have been an assumption or misreporting of something and possibly propagation of bad info. There is still potentially risk here though since we don't know that it doesn't have a hidden feature which works via TCP/IP (the BIOS code amongst other microcode would probably help eliminate this concern).

That said I think it would still be a good idea for someone to test out vPro and TXT such that the TCP/IP packets are monitored as well as radio communications (I can't conceive why there would be a need for a GSM module if the CPU actually has a GSM chip inside, I think this myth has got to be wrong, I would like to read up on the article RMS was talking about at GNU 30th speech though, it might be the one I read, in which case, it's inaccurate, and should be taken with a grain of salt).

Either way I'd probably suggest avoiding CPUs and systems with vPro chips for as long as is possible. That said I don't think it's going to be avoidable for much longer.

What we really need is a new non-x86 design. Unfortunately that takes significant resources and people in the larger community (who could make it a reality). Most already seem unwilling, unable, don't know, or just don't care sufficiently to make that happen. They aren't buying free software friendly hardware (from us or elsewhere). I'm hoping we can change that though. 5 years in for me as far as the effort goes and it still seems to me to be a bit far ways off. I do at least have some numbers in my head of what needs to be achieved financially to make it happen. More than what I can say I had 5 years ago.

Coreboot is also another thing to think about. It's not a total solution, it's not even a solution today I don't feel. There just isn't enough demand to make it happen either. However it might be something worth pursuing tomorrow.

Putting effort into something to achieve victory today, but failing over the long term is my main reason for having not taken a step forward in this regard.

I'll leave off with a comment about RMS's speech. I think his Libre Planet 2013 speech and comments on hardware were worth watching. The approach thus far has been largely reverse engineering. But tomorrow that isn't going to be enough (more and more companies are moving from circuits to firmware). It would be better if we had more cooperation from the community in purchasing decisions. Only a small percentage of users purchasing a small set of the same hardware would solve all of these issues. Right now financially the money is spread such that nobody is catering toward GNU/Linux or the free software community (well, OK, we are, ThinkPenguin, that is, but it's certainly not bringing in a sufficient percentage of the population that would be needed to make big jumps like those described above, yet, or without the community's support).

mguasch

Joined: 09/25/2013

Hi Chris,

Thanks for your very detailed answer. It really helped clear things up for me.

I'm really glad that there is a company out there, yours, which is not only offering good hardware compatible with libre software, but also taking an active position in these discussions. Things like this really give me hope.

I wanted to ask you, and others who read this, a general question about non-x86 design: What options are there for the future? Should people start thinking about MIPS, for example? I've toyed with the idea of getting a yeeloong notebook to tinker with, but AFAIK there are also some inevitable non-free components.

On a side note, I'm an engineering student specializing in embedded systems and, even though I'm still in my second year and there is lots to learn, I'd love to contribute somehow in any future efforts regarding non-x86 designs. Perhaps you or someone knows of any forums and/or groups where there is an active discussion regarding this?

Thanks once again for your detailed answer and for all your hard work.

-Miguel

Michał Masłowski

Joined: 05/15/2010

> I wanted to ask you, and others who read this, a general question
> about non-x86 design: What options are there for the future? Should
> people start thinking about MIPS, for example? I've toyed with the
> idea of getting a yeeloong notebook to tinker with, but AFAIK there
> are also some inevitable non-free components.

YeeLoongs with the Loongson 2F CPUs have nonfree firmware in chips that
is already provided, doesn't run on the main CPU and IMO can be treated
as hardware (not seen any recommendations of updating it); EC and hard
disk firmware are known examples. (There is no loadable CPU microcode
and a bug that allows an unprivileged program compiled without a
compile time fix to hang the system.) While they aren't an option "for
the future", they might be useful to compare other solutions to.

Software availability is IMO good on Debian (and thus future gNewSense
releases), while it needs help to keep mipsel supported in future
releases. (I don't believe in distros based on the N32 or N64 ABIs
being generally useful in near future, since modern Web browsers don't
support them.)

There is one harder issue: graphics. YeeLoongs with Loongson 2F have no
3d acceleration and practically no 2d acceleration. Video playback
requires SIMD optimizations that are specific to Loongson CPUs and are
mostly missing from upstream software and free distros.

Devices with Loongson 3A "solve" this by including AMD GPUs with nonfree
VBIOS and nonfree microcode loaded by the OS. This isn't an acceptable
solution for free systems. Maybe future Loongson devices will use a
Loongson 2H chip as a southbridge with a Vivante GPU, it might be
supported without nonfree software when using the etna_viv driver.

Some ARM SoCs have advanced free GPU driver projects, maybe they could
be used in a more free laptop. There is no such device that I know
about, while Rhombus Tech CPU cards might make it more possible.

ahj
Joined: 06/03/2012

> What we really need is a new non-x86 design. Unfortunately that takes significant resources and people in the larger community (who could make it a reality).

MIPS!

I'm losing faith in ARM; maybe there will be entirely free ARM SOCs in the future, but I suspect other companies like Lemote will push for freedom respecting hardware and software stacks before ARM distributors do.

In fact, I'm about to push the button on the Lemote 8101B (the rms notebook). I want to help contribute to the MIPS community, because I think that's where we will have the best shot of establishing a viable alternative to the x86 monopoly.

I heard that there will be MIPS CPUs in the near future that will come with a completely liberated graphics stack, designed in-house by Loongson to complement their future Godson CPUs.

The day that happens, Chris, is the day you will be inundated with business. I know a lot of people who would love a MIPS based machine with decent graphics and decent CPU execution speed *all* powered by free software.

ssdclickofdeath
Joined: 05/18/2013

I just hope that the newly-released MIPS computers won't be outdated like the Yeeloong.

muhammed
Joined: 04/13/2013

"In fact, I'm about to push the button on the Lemote 8101B (the rms notebook). I want to help contribute to the MIPS community, because I think that's where we will have the best shot of establishing a viable alternative to the x86 monopoly." -- ahj

I thought that Lemote stopped making the RMS notebook. Or are you talking about a model newer than the Yeelong (sp?)?

Michał Masłowski

Joined: 05/15/2010

tekmote.nl and kd85.com still have them.

Chris

Joined: 04/23/2011

I think the supply is disparaging and the availability in the US is gone.

Bertel

Joined: 08/30/2010

But still in stock*.
"10-40% discount on Yeeloong serial laptops till 18th of November 2013!"

Lemote YeeLoong 8101B 10" mini-laptop Pure White-- High-end GNU Linux mini laptop from €340 to €290.00 (Price excl. VAT, excl. delivery).

* http://www.tekmote.nl/en_GB

trisq

Joined: 09/03/2013