Barrier for Nvidia & AMD GPUs?

You still need the binary firmware files. These include things like the powerplay tables. Some of them are documented, and having the original source code is not really important, since they are on the data end of the code/data spectrum. Nor do the firmware files execute on your main system; they get uploaded to the GPU on GPU startup.
Bottom line is it’s not really a bigger deal than the closed source vbios already on the card is (and much less than the PSP or ME on the main system board).

3 Likes

Are they old graphics cards?

Do you know by any chance of open source graphics cards? I know they are making it but do you know when it will be released to the general public?

Then why does Purism refuse to use AMD graphics cards if they do not execute on your main system (if I am understanding this correctly)?

What is a vbios and is it present on the AMD graphics card?

That would be a question for Purism. If I were to speculate, it is probably because Intel IGPs don’t add an additional party that might be spying. If you are running an Intel CPU, you may as well let them handle the graphics too, especially when it is the same physical device. This is a part of why I am running an all AMD system, since Intel can’t seem to avoid serious security issues in their hyperthreading, and once the choice is made to run an AMD CPU, running an AMD GPU doesn’t increase the number of companies in the mix.

In addition, Purism is a fairly slow moving company, which makes sense given the effort required in freeing firmware. AMD only really became a major player again in 2017.

VBIOS is the video BIOS; it runs on the graphics card and is generally not user updated (if the card is buggy, sometimes there will be a VBIOS update to try to fix it, but given the risk of bricking the card, most vendors try very hard to avoid needing that).

1 Like

Does that mean for CPU and graphics card? So you do trust that your AMD graphics card won’t spy on you, right?

I see.

This is for the CPU side of things right?

With AMD is there an additional party that could be spying on you as opposed to Intel’s CPU?

Sometimes companies are doing blobs not to spy on you but to prevent others spying on them. In OSS when someone sees your code he can make improvements and you both get credit for that. But no money.
If software reveals HW architecture specifics which someone else may reuse (and improve), stealing your credit and your money, it’s kind of lose-lose.

1 Like

Yes, CPU and graphics card, and motherboard chipset. I think it is less likely for the AMD graphics card to spy than it is for the AMD chipset to spy. Or perhaps more clearly, I believe that if AMD were inclined to spy, their platform security processor is the most likely spy chip. Further, I don’t believe AMD is intentionally spying on their customers. For one thing, the PSP is not connected to the NIC (and in the case of the GPU, it’s connected via the PCIe bus, also without direct NIC access). This means it would be difficult to do the spying without detection. For another, I know people with relatives who work at AMD, and I trust that they are unaware of any intentional spying (of course, it’s a big enough company that isn’t worth that much, but it is something).

I would very much prefer if they released their PSP code, or at least gave an option to completely disable it, as it doesn’t do me any good, and even if they aren’t doing anything nefarious with it intentionally, it’s extra attack surface for 3rd parties.

No. 1st gen Ryzen came out in 2017 on the CPU side, but they also started a comeback on the GPU side with their Vega64 in 2017. They hadn’t fallen quite as far behind on the GPU side, with the 580 series cards and whatnot, but they didn’t have anything in the mid-range for several years (and still don’t have anything at the top end, but that may soon change).

As a general rule, every vendor that could include unapproved functionality is a potential source of spying. There is a small potential that some company is including secret spying ‘features’ in one line of products, but not another, but a company willing to spy on you is likely to do it everywhere they can. This means if you use an Intel CPU, Intel chipset, and the integrated graphics of the Intel CPU, then as long as Intel isn’t spying on you, you’re good. Similarly, if you use an AMD CPU, AMD chipset, and AMD GPU, you only have to worry about AMD spying on you. If, however, you put an Intel CPU paired with an AMD (or Nvidia) GPU, then you have 2 companies that could spy. And then you have the motherboard manufacturer in the mix too.

2 Likes

Oh yes, this is true; however, if something is closed source, I cannot trust what is going on. It must be open source.

Then how can the computer with this CPU be remotely managed? I thought the whole point of the PSP is that it allows some administrator to remotely manage the computer with this PSP component in the CPU? And if this is also the case where graphics cards can’t spy if it is not connected to the NIC, then how come Purism refuses to use AMD graphics cards as well?

Oh ok, that is good to know. I am glad there are no employees that are spying.

I was told that they might have an option where it can be replaced with coreboot instead; if this is true, this would be great.

I heard that PSP can be disabled through the BIOS settings?

Am I correct to assume English is not your first language? I feel that I am being misunderstood and am uncertain how to be more clear…

The consumer platform Ryzen systems cannot be remotely managed. The PSP is for detecting and thwarting device tampering. It provides a software TPM, and manages the hardware TPM interface, and I believe has hooks on the chassis intrusion pins. I think that, since AMD didn’t expect to get any big corporate contracts with first gen Ryzen, they figured there wouldn’t be legitimate demand for remote management. I have not checked if later generations have network access on the PSP, but I hope not (it’s something that could be added specifically for the boards used in a corporate deployment).

As I said before, adding AMD GPUs to an otherwise Intel system would expand the attack surface. Since they’re doing cheap laptops, it’s not like a discrete GPU would gain much other than a shorter battery life. In fact, if Intel had discrete GPUs, I suspect they would still use the IGPs, since again that decreases the attack surface.

/sarc?
∃(employees who are not spying) does not imply ∀(employee is not spying).
It only implies that if there is spying, it does not involve the handful of hardware engineers I know by reputation. Since such spying is likely to be in software, it’s hard to gauge how valuable that is.

The BIOS flag politely requests that the PSP shuts down when it’s done. Due to the nature of the PSP, there is no way to verify this request is honoured, nor is there a way to preempt the PSP startup, nor is the flag exposed in all Ryzen motherboards. Coreboot is rumoured to maybe be on its way; AMD put out a job listing for a coreboot developer, we’ll see if anything comes of it.

1 Like

I just don’t get how computers work all the time. Some things just confuse me.

Oh, what I thought Intel ME is designed to allow other people to remotely manage a computer and PSP was like the AMD’s version of PSP?

Why can’t they just then use an all AMD base system instead of using Intel’s CPU and GPU?

What are IGPs?

Let’s hope this happens.

as far as i know AMD has breached the corporate space with their EPYC 2 offerings which are almost certainly capable of connecting the NIC with the PSP just as the IME does … but don’t quote me on that it’s just an assumption seeing how well they do in performance to price ratio. EPYC is a monster. they also have ryzen PRO counterparts to the desktop AM4 CPUs.

but this was about GPUs so i feel we are going off-topic here …

1 Like

On my personal journey through GPU on linux I’ve tried nvidia closed (twas nice but closed) amd closed (twas crap) nvidia open (twas crap) and amd open (kind of ok-ish but not worth it) and finally stuck to intel igp as the best price/perf/openness ratio.

3 Likes

PSP is AMD’s equivalent to the IME, but that doesn’t mean it has feature parity. As reC says, EPYC, Threadripper, and some 2nd gen Ryzen boards are quite likely to have the PSP connected to the NIC. It also may be possible to get the PSP connected to its own dedicated NIC, which is the way the Power9 boards do it; this gets you remote management without the security nightmare that comes from using the public facing NIC for it. Obviously, that is in the enterprise world, not something you’ll see in a laptop, from Purism or elsewhere.

Momentum mostly. As I said, AMD only had a decent offering again in 2017, and Purism hasn’t developed anything new in the laptop space since then. Also, they’ve already gone to a great deal of work to strip bits out of the ME, which they would have to duplicate on the PSP side. Finally, they resell slightly modified Clevo laptops, and Clevo doesn’t have any AMD based systems and has no plans to offer them in the future.

Integrated Graphics Processor, also sometimes called Accelerated Processing Unit (APU). IGP is most often used on the Intel side and APU on the AMD side.

2 Likes

the gist of it is if you only need basic activities done on the computer, maybe compiling some programs, reading text, surfing, paying bills, chatting on the Purism forums you most likely don’t need an nvidia or amd product.

imo they are products that are made to encourage certain computing activities which not all of them might be legal. i bet most gamers/cinematography-lovers have not purchased their material so yes it’s still questionable to think proprietary software has come this far considering all the piracy issues it has but the same might be true for free-software since the GPL came around (not everybody donates money to the cause - but also no government $ involvement)

1 Like

I’d like to know more about that. Have you a source?

It’s been mentioned a few times on the forums here, just search for Clevo. I can’t say for certain that Clevo does the initial manufacture and assembly; the extra hardware switches are almost certainly done in-house by Purism.

For example, the L15 v3 is supposedly a slightly modified Clevo U953. This makes sense, if you think about it. Purism doesn’t have their own PCB printer, nor do they make pretty much any of their parts in-house; they only do the final assembly. Clevo is the #1 supplier of whitebox laptops, laptop kits, and laptop parts.

1 Like

For what it’s worth, I asked in the community/general Matrix channel, and the answer I got was that Purism’s laptops are NOT Clevo-based. They use a publicly available mold, which Clevo may also use, so there are probably similarities, but it doesn’t seem to come from Clevo directly.

2 Likes

Ah, that actually makes a lot of sense. I know the internal layout is pretty similar, so much so that some Clevo parts will just drop in and work in the Purism case. The same mold, or mold specification, would explain that.

1 Like

AMD server boards use IPMI for remote access to the PSP. This uses a dedicated RJ-45, so you don’t have to expose it to the network (or you can put it on its own VLAN or dedicated management network).

1 Like