this post was submitted on 26 Jul 2023
753 points (91.3% liked)
Programmer Humor
32455 readers
882 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You forgot "Only uses 10+ year old librebooted Thinkpad" on tech paranoid
uses a modern Notebook which is QubesOS certified and runs coreboot
I forget there are linux-friendly laptops nowadays.
I find most laptops are well supported about a year after their release.
whats librebooted mean
Replacing the bootloader with a FOSS bootloader called LibreBoot
It's an open source bios. There are only builds for a certain few laptops and it involves opening it up and flashing the bios chip
why would you even do that, forgive my ignorance
Attempting to closing NSA backdoors
If you want to disable Intel Management Engine, the always-on backdoor built into every Intel CPU and/or want as much software as possible on your machine to be FOSS
Also it boots much faster than most stock bios.
Is there a similar issue with AMD?
Yes, it is called AMD PSP
Not that I know of, AMD is also soon going to make their own FOSS bios with OpenSIL so they're generally the better option if you're a privacy/libre software junkie.
As far as I know, OpenSIL stands for Open Silicon Initialization Library, and handles only the hardware initialisation part of the boot process. It may still require loading binary blobs like the Platform Security Processor (PSP), which is AMD's version of Intel Management Engine
PSP is not the same thing as IME. Not even close. PSP doesn't even have network access, much less remote computer control like the IME. Still proprietary, but if OpenSIL allows you to turn it off then we might actually be able to run a fully 100% libre modern desktop computer which is honestly pretty awesome.
Things like these and the overall general improvements to linux on a daily basis get me excited for a time when I could buy a Framework laptop with coreboot running linux without issues. Also no backdoors for big brother.
Coreboot doesn't disable the IME by the way. It just gets rid of some of it's functionality blobs and sends a signal to it telling it to please disable itself. No one knows if that signal actually works. Only Intel themselves can actually fully remove it from a processor, like they did with the processors they sold to the NSA.
Looks interesting, source please.
Okay I did some research and I was wrong. There is no confirmation Intel specifically removed the IME from NSA's PCs. It's just that some reverse engineers found a flag that supposedly disables it, and their theory is that it was meant for the NSA.
https://www.notebookcheck.net/Eureka-The-Intel-Management-Engine-can-finally-be-disabled-thanks-to-the-NSA.245922.0.html
I believe this is the switch System76 and Purism turn off, but as I said, since the blob is still there, we can't be sure that switch actually works or if it's just a trap.