Barrier for Nvidia & AMD GPUs?


#21

OpenCL is where the pro driver has some dubious benefits, not OpenGL. Basically, with the open driver you are stuck with Mesa’s Clover OpenCL (language level 1.2). AMDGPU-PRO gets you OpenCL 2.

Of course, if you are on a reasonably recent GPU (7series (IIRC polaris) arch or later), Radeon Open Compute is available, generally outperforms both Clover and AMDGPU-PRO, and as the name suggests, is fully open source. Only downside is gentoo’s the only distro where setting it up is trivial. It’s available in debian/ubuntu too, but you have to have the right kernel version or some such there.


#22

Thanks for that info! And yes, setting up the drivers on my linux drive (Arch-based) took some back and forth. Not terrible. Just not simple.


#23

Yeah, there’s been some work to make it less painful recently. I did it on gentoo before the ebuilds existed, took several hours to figure out everything.

The problem I’m seeing is AMD hasn’t done anything to advertise ROCm, so most of the distro maintainers don’t seem to even know it exists.


#24

Ok so if you install these open source drivers, do you still need binary blobs, can you get away with running PureOS as it uses Linux-libre kernel with binary blobs stripped off?

Have you done some sort of benchmark tests comparing the pro and the open source versions?


#25

Is this alternative to AMDGPU drivers?

Yes that is the huge issue here.

I heard some gaming laptops allow you to disable the graphics card when it is not in use that way you can safe power.


#26

adrenaline it’s the most up-to-date version of AMDGPU drivers that you can use on windows/or any non-libre-linux kernel (amdgpu-pro is only available with LTS kernels - ubuntu for example or RHEL or CentOS - see > https://www.amd.com/en/support/professional-graphics/radeon-pro/radeon-pro-wx-x200-series/radeon-pro-wx-8200 and https://amdgpu-install.readthedocs.io/en/latest/ )

even if the driver itself is open-source the lower levels remain closed so it’s not FSF aproved and can’t be RYF certified. not to mention that on the gnu/linux side there is no proper gui way to configure all the available settings as you can on windows. it sucks for profesionals …


#27

Wow that sucks :frowning:

Are they planning on making their grpahics cards free from binary blobs in the near future if you happened to know by any chance?


#28

probably not but there are some models of AMD/nvidia cards that are listed under the FSF recommended hardware list just they are not the latest and greatest retail offerings.

check here > https://www.fsf.org/resources/hw

the more people buying and donating to free-software the better the chances are that we will someday reach something closer to what currently is available out-of-the-retail-box. i wouldn’t lose hope just yet …


#29

You still need the binary firmware files. These include things like the powerplay tables. Some of them are documented, and having the original source code is not really important, since they are on the data end of the code/data spectrum. Nor do the firmware files execute on your main system, they get uploaded to the GPU on GPU startup.
Bottom line is it’s not really a bigger deal than the closed source vbios already on the card is (and much less than the PSP or ME on the main system board).


#30

Are they old graphics cards.

Do you know by any chance of open source graphics cards? I know they are making it but do you know when it will be released to the general public?


#31

Then why does Purism refuse to use AMD graphics cards if they do not execute on your main system (if I am understanding this correctly)?

What is a vbios and is it present on the AMD graphics card?


#32

That would be a question for purism. If I were to speculate, it is probably because Intel IGPs don’t add an additional party that might be spying. If you are running an intel CPU, you may as well let them handle the graphics too, especially when it is the same physical device. This is a part of why I am running an all AMD system, since intel can’t seem to avoid serious security issues in their hyperthreading, and once the choice is made to run an AMD cpu, running an AMD gpu doesn’t increase the number of companies in the mix.

In addition, purism is a fairly slow moving company, which makes sense given the effort required in freeing firmware. AMD only really became a major player again in 2017.

VBios is the video bios, it runs on the graphics card and is generally not user updated (if the card is buggy, sometimes there will be a vbios update to try to fix it, but given the risk of bricking the card, most vendors try very hard to avoid needing that).


#33

Does that mean for CPU and graphics card? So you do trust that your AMD graphics card won’t spy on you, right?

I see.

This is for the CPU side of things right?

With AMD is there an additional party that could be spying on you as opposed to Intel’s CPU?


#34

Sometimes companies are doing blobs not to spy on you but to prevent others spying on them. In OSS when someone sees your code he can make an improvements and you both get credit for that. But no money.
If software reveals HW architecture specifics which someone else may reuse (and improve) stealing your credit and your money it’s kind of lose-lose.


#35

Yes, CPU and graphics card, and motherboard chipset. I think it is less likely for the AMD graphics card to spy than it is for the AMD chipset to spy. Or perhaps more clearly, I believe that if AMD were inclined to spy, their platform security processor is the most likely spy chip. Further, I don’t believe AMD is intentionally spying on their customers. For one thing, the PSP is not connected to the NIC (and in the case of the GPU, it’s connected via the pcie bus, also without direct NIC access). This means it would be difficult to do the spying without detection. For another, I know people with relative who work at AMD, and I trust that they are unaware of any intentional spying (of course, its a big enough company that isn’t worth that much, but it is something).

I would very much prefer if they released their PSP code, or at least gave an option to completely disable it, as it doesn’t do me any good, and even if they aren’t doing anything nefarious with it intentionally, it’s extra attack surface for 3rd parties.

No. 1st gen Ryzen came out in 2017 on the CPU side, but they also started a come back on the GPU side with their Vega64 in 2017. They hadn’t fallen quite as far behind on the GPU side, with the 580 series cards and what not, but they didn’t have anything in the mid-range for several years (and still don’t have anything at the top end, but that may soon change).

As a general rule, every vendor that could include unapproved functionality is a potential source of spying. There is a small potential that some company is including secret spying ‘features’ in one line of products, but not another, but a company willing to spy on you is likely to do it everywhere they can. This means if you use an Intel CPU, Intel chipset, and the integrated graphics of the Intel CPU, then as long as Intel isn’t spying on you, you’re good. Similarly, if you use an AMD CPU, AMD chipset, and AMD GPU, you only have to worry about AMD spying on you. If, however, you put an intel CPU paired with an AMD (or nvidia) GPU, then you have 2 companies that could spy. And then you have the motherboard manufacturer in the mix too.


#36

Oh yes this is true, however if something is closed source, I cannot trust what is going on., it must be open source


#37

Then how can the computer with this CPU be remotely managed? I thought the whole point of the PSP is that it allows some adminstrator to remotely manage the computer with this PSP component in the CPU? And if this is also the case where graphics cards can’t spy if it is not connected to the NIC, then how come Purism refuses to use AMD graphics card as well?

Oh ok that is good to know, I am glad there is no employees that are spying.

I was told that they might have an option where it can be replace with coreboot instead, if this is true this would be great.

I heard that PSP can be disabled through the BIOS settings?


#38

Am I correct to assume English is not your first language? I feel that I am being misunderstood and am uncertain how to be more clear…

The consumer platform ryzen systems cannot be remotely managed. The PSP is for detecting and thwarting device tampering. It provides a software TPM, and manages the hardware TPM interface, and I believe has hooks on the chassis intrusion pins. I think that, since AMD didn’t expect to get any big corporate contracts with first gen ryzen, they figured there wouldn’t be legitimate demand for remote management. I have not checked if later generations have network access on the PSP, but I hope not (it’s something that could be added specifically for the boards used in a corporate deployment).

As I said before, adding AMD gpus to an otherwise Intel system would expand the attack surface. Since they’re doing cheap laptops, it’s not like a discrete GPU would gain much other than a shorter battery life. In fact, if Intel had discreet GPUs, I suspect they would still use the IGPs, since again that decreases the attack surface.

/sarc?
∃(employees who are not spying) does not imply ∀(employee is not spying).
It only implies that if there is spying, it does not involve the handful of hardware engineers I know by reputation. Since such spying is likely to be in software, it’s hard to gauge how valuable that is.

The BIOS flag politely requests that the PSP shuts down when it’s done. Do to the nature of the PSP, there is no way to verify this request is honoured, nor is there a way to preempt the PSP startup, nor is the flag exposed in all ryzen motherboards. Coreboot is rumoured to maybe on its way, AMD put out a job listing for a coreboot developer, we’ll see if anything comes of it.


#39

I just don’t get how computers work all the time. Somethings just confuse me.

Oh, what I thought Intel ME is designed to allow other people to remotely manage a computer and PSP was like the AMD’s version of PSP?

Why can’t they just then use an all AMD base system instead of using Intel’s CPU and GPU?

What are IGPs?

Lets hope this happens.


#40

as far as i know AMD has breached the corporate space with their EPYC 2 offerings which are almost certainly capable of connecting the NIC with the PSP just as the IME does … but don’t quote me on that it’s just an assumption seeing how well they do in performance to price ratio. EPYC is a monster. they also have ryzen PRO counterparts to the desktop AM4 CPUs.

but this was about GPUs so i feel we are going off-topic here …