Re: [Libreboot-dev] about Intel ME

[Denis 'GNUtoo' Carikli]

On Sun, 3 Apr 2016 20:01:41 +0700
Serge <address@hidden> wrote:

> Hi Denis
Hi,

I've CC-ed libreboot, as the response may also interest people
reading that mailing list.

> Thank you so much for the detailed reply.
> I analyzed and noted many interesting points and corrections you made.
> Indeed, the problem is more general: the presence of the non-free code
> that we cannot trust.
And in the case of the ME on _recent_ hardware: The user cannot
replace/avoid that code, since there is no free software replacement for
that code.
This is what separates the ME from software like Microsoft Windows,
even if in both case the software controls the computer.

> And power is definitely corrupts people so considering historical
> examples and real cases we can conclude that all those proprietary
> blobs are too risky for society. And they are progressing in some
> strange way towards being totally closed and unsupervised by the free
> software community (like recent versions of Intel's ME are embedded
> inside the chipset and forced to be unremovable by design (now ME
> co-processor sets up memory training, runs ICC control, etc) So I
> totally support the refusal to support this flawed hardware.
Right, this ME is a big issue:
The fact that users cannot replace/avoid its code on recent hardware
means that, most recent hardware can run free software, but without
really delivering all free software's freedoms.

> The fact that Intel is taken this path gives me clear warning sign
> that they don't listen to the FS community, their values are flawed
> and the company doesn't care about the ethics and moral values of the
> computing power that should be open and transparent to people who owns
> their devices. I don't even know why this is happening. It really
> looks bad from ethical point of view...
A company that size only cares about money. Most companies have no
notion of morale nor empathy.

Such (big) companies have a lot of impact on the human society. Still,
they are lousily regulated.

People also are supposed to regulate themselves by participating in the
democratic process. We need to fix that too.

> But what are alternatives?
* Existing libreboot hardware.
* Many ARM devices can boot with 100% free software. However, it's
  often the case that some hardware features won't work with free
  software, such as the 3D acceleration.
  I've started working on documenting that, but this progress way too
  slowly (due to my lack of time). The idea is to split the problem in
  two:
  1) Document the hardware, I've started documenting some I.MX SOCs on
     Wikidata. Then I'll have to document more SOCs, and devices using
     them.
  2) Map the hardware to software and freedom. A given device would
     be supported by coreboot, a given chipset too.
     That mapping would automatically be applied to the hardware
     described above.

Also, some AMD boards could be added to libreboot, if people do the
effort required for that.
Most AMD devices have a GPU that cannot be used with 100% free
software:
- The option ROM needs to be replaced with free software[1].
- The non-free "firmware" sent to it also needs to be replaced to have
  certain features, such as 3D acceleration.

With fam14h and later There is an SMU binary that should also be dealt
with.

At some point (fam16h?) AMD introduced a security processor(called PSP)
that looks like the ME. So hardware made before that can probably be
added given that the effort to do so is done.

> I found some interesting platforms maybe you'll be interested in them:
> 1. Talos http://www.raptorengineeringinc.com/TALOS/prerelease.php
> 2. Novena https://www.crowdsupply.com/sutajio-kosagi/novena

> Talos is based on Power processors and open firmware.
Talos is not released yet. It may even run coreboot/libreboot, or its
specifications may change. Still it looks very promising.

> Novena is arm-based but with u-boot open firmware so they look
> promising to the FS community.
Novena is promising too, its GPU has been documented trough reverse
engineering, and its support is/has been merged upstream(linux, mesa,
etc).

> About the people's reaction - you noted interesting moment that people
> doesn't care about things that are not so obvious. People tend to
> believe that "they woudn't dare to do so"
Especially because they don't feel like someone that might be
specifically targeted (by states, agencies, criminals, etc).

But everybody is targeted, and people tend to realize how bad it is
when they need to use their freedoms (which, as they find out, are
gone), or are targeted (by criminals for instance).

> thus relaxing the social
> pressure to the peer leaders (i.e direct market pressure - by stop
> buying from companies like Intel for implementing their firmware in
> unethical / closed / non free way)
I don't think that alone would fix it.

> So we need to educate people to showcase how non free software gives
> unjust power to the state/corporations, and how it easily could be
> abused, and so on...
Yes, this would have several effects:
- They would stop buying such flawed hardware if they can.
- They would instead make alternatives possible viable (by buying the
  alternatives devices).
- They would demand that flawed hardware stop being manufactured.

We must also make sure that having alternatives benefits everybody, and
not just the powerful and wealthy people.

That doesn't mean that powerful and wealthy people can't help making
it viable.

> On Sun, Apr 3, 2016 at 7:00 PM, Denis 'GNUtoo' Carikli
> <address@hidden> wrote:
> > Sorry for responding that late, I've a huge mail backlogs.
Responding below the quote is more intuitive.
Wikipedia even has an article on that[2].
Funnily there is even an RFC that talks about it (RFC1855).

References:
-----------
[1]There is an attempt to replace it at:
   https://github.com/alterapraxisptyltd/openatom
[2]https://en.wikipedia.org/wiki/Posting_style

pgpwHJ36IjazI.pgp
Description: OpenPGP digital signature