System76. A step in the right direction.

7 respostas [Última entrada]
garfilth
Desconectado
Joined: 11/06/2012

System76 are disabling Intel ME and all, I think, models that they sell. People with more knowledge than me, could this lead to librebooting these systems or is more needed.

Needless to say they are doing this from a security point not a FreeSoftware point.

http://blog.system76.com/post/168050597573/system76-me-firmware-updates-plan

jxself
Desconectado
Joined: 09/13/2010

More is needed. Much more.

kernelKurtz
Desconectado
Joined: 03/12/2013

> More

No argument there.

Even so, this alone is enough to put System76 in first place when it comes to replacing my laptop in a few months. (Puri.sm is charging several hundred dollars more for a comparable IME-disabled machine.)

Here's hoping ZAReason, ThinkPenguin, et. al. follow suit and widen the field of choices.

Edit: OP, there's discussion of your question here: https://www.reddit.com/r/linux/comments/7gpcu5/system76_will_disable_intel_management_engine_on/

The tl;dr is "Yes, if Coreboot is good enough", by my reading.

ivanB1975
Desconectado
Joined: 08/29/2017

For me it is amazing that in the blog of System76 it is not mentioned at all the me_cleaner tool that they will surely use to disable the ME. Simply amazing....

kernelKurtz
Desconectado
Joined: 03/12/2013

It may not have seemed like an important point to Marketing. But the first post of the Reddit thread linked above, by their engineer, mentions it by name.

ivanB1975
Desconectado
Joined: 08/29/2017

Yep surely it is marketing. I appreciate instead the efforts of the Purism company that invests the time of some engineers to address the ME problem. Off course all of these actors they do this for their own sake (money), but the fact that some engineers work on this topic is a positive thing.

J.B. Nicholson-Owens
Desconectado
Joined: 06/09/2014

name at domain wrote:
> System76 are disabling Intel ME and all, I think, models that they sell.
> People with more knowledge than me, could this lead to librebooting these
> systems or is more needed.
>
> Needless to say they are doing this from a security point not a
> FreeSoftware point.

If this is characterized as a step in the right direction, I think that
this is ultimately a smaller step than is really needed.

A significant step in the right direction is to provide POWER-based
computers more users can afford. I say POWER-based because:

- as far as I know, POWER CPUs are already up and running in desktop
computers and doing real jobs in a competitive way to what Intel/AMD chips
are doing. I'm sure there are other CPUs that can do work like this too,
and I have nothing against them, but I don't know as much about the details
of those efforts.

- free software benefits from being more portable. Thus free software
benefits from identifying and fixing bugs due to being written (without
cause) to assume endianness, instruction set, and other processor-dependent
details.

- I believe current POWER-based systems running GNU/Linux can implement a
cryptographically-signed free BIOS (or something that functions to get the
system hardware running) where the user holds exclusive access to the keys,
not some other party. Users are free, of course, to decide to keep another
party's key(s) in the keyring.

We in the free software community insulate ourselves from the horrors of
Intel ME and workalikes (hereafter "ME") by diversifying where we can run
free software. Our best response to Intel/AMD is to reject them utterly and
reassess what they have to offer if and when they resume developing chips
we can trust. We are not well served to try technocratic means of working
around ME by keeping the malware in the system but avoiding it. POWER-based
computing is a viable means of reaching these ends.

Jabjabs
Desconectado
Joined: 07/05/2014

It is a start. I think they kind of mean well but really they are a VERY long way from complete. Purism is a little better but they are in the same boat. Lots to be done.