Have you considered using another CPU like ARM, or an x86-compatible alternative with no IME such as knockoffs from Asia? It seems the IME is an insurmountable obstacle to privacy and freedom.
2 Likes
I think… “knockoffs” are pirate CPU unofficial without patente licenses, and ARM don’t run X86 conventional programs, so the only companies that rightfully manufacture X86 CPU are intel, amd and via tech.
amd also include some harmful technologies and the architecture is worse compared to intel, via tech doesn’t offer a high performance processor, and the architecture is worse than amd.
I think intel currently the only that purism can use, and only on 5th generation backwards because exist a blob on newer CPUS (i915 DRM), outside intel, amd is the second option, but intel is more desirable.
sorry if my English is bad, I’m not a fluent speaker.
It would be nice to see Purism broker a kill switch for TXE/ME. The best of all possible worlds would include a discrete H/W switch.
I imagine a custom chipset, but I have no ideai of technical difficulty and legal implications this would have.
but that my ideal vision.
maybe an ARM processor “emulating” a chipset, I think this would be a viable alternative (or not).
a chipset today nothing but a coprocessor, the important thing would be to start the system and only this, with the fused cpu it would not be impossible something, I think…
Moving to ARM doesn’t necessarily solve the problem.
Joanna Rutkowska (the creator of the Qubes project) published an interesting paper on a potential way to work around ME with a proposal for a stateless laptop in this paper: State Considered Harmful. One of the more interesting parts of the paper for me, however, is in Chapter 9 where she deflates the idea that somehow ARM processors solve the problem of ME or that they couldn’t (or don’t) have similar features.
1 Like
AMD has a binary issue as well, AGESA. ARM doesn’t offer high-enough power. And video graphics binary blobs are also a consideration.
Going with Intel was a choice which allows us to work with Intel in the hopes that future versions can be ME-less (a term they use internally).
But let’s also make sure we’re clear. Since there is confusion.
The Intel ME on a Librem laptop is:
- A binary blob within the BIOS that runs on the CPU.
The Intel ME on a Librem laptop is:
- NOT Connected to vPro/AMT, therefore does NOT allow remote access through AMT tools SINCE:
a) We are NOT using a vPro/AMT enabled CPU
b) We are using the consumer ME (BETTER), not-commercial ME (WORSE – documented to support AMT)
c) We are NOT using any Intel Networking (required to run AMT) - So we are limited only to the binary blob within the BIOS problem (which is a problem, but not as big as a full AMT exploit stack).
Intel cannot offer us an ME-less on our existing CPU, but can for future CPUs (not that they will, but we are discussing future CPUs with Intel to offer ME-less) while we work on methods to free the existing CPUs (other than Intel influenced).
Thanks for the detailed reply, Todd.
Has Intel given any indication as to how many orders you would have to place for them to consider it worthwhile to supply an ME-less option?
Why is no one crowdfunding an open source privacy-respecting CPU? Could it not be done?
Yes we are all the time re-evaluating our hardware choices. We try to maintain high-end hardware with privacy enhanced Free software, so it is a bit tricky to jump on ARM currently. While our final goal is to produce entire Free/Open hardware and software stack, at this moment we are very dependent on what we can get. Notice that we are in negotiations with Intel to remove ME but that kind of things take time. Once we grow up more, we will have more choices!
@RightToPrivacy because that would need a lot of money (and by a lot I mean in orders of tens of millions USD. Currently the best what we have is RISC-V in which Google, HP, Oracle invested recently but it is BSD license so that means they can build closed source hardware on top of it). While there could be an ultimate stretch goal for going into such adventure, I think it would be too high to reach. Currently the best outcome for us is to grow with our community as much as we can and as soon as we reach such level, we (Purism and all community around it) will go into such creations.
Realistically I highly doubt Intel will ever release a ME-less version. They’ve repeatably refused many fortune 500s with the same request, and I don’t think Purism will be able to change their minds. They’d be better off exploring other more promising courses of action.
1 Like
You should consider putting this info somewhere on the Purism website (by which I mean more prominent than the forums). There are accusations around the web that the Librem laptops are “essentially the same” as an off-the-shelf laptop (in terms of privacy/freedom). Obviously, the significance of the technical distinctions you highlighted here depends on one’s perspective, but I’m definitely glad to find out these details about the Librem.
1 Like
RISC-V has started to emerge as an interesting solution : open source chip : https://riscv.org/
It’s existence got validated by smear campaign by ARM - which backfire on them 
https://www.extremetech.com/computing/273236-arm-kills-its-risc-v-fud-website-after-staff-revolt
The EU has already chosen RISC-V as one of the two options for developing chips for its supercomputers :
https://www.slideshare.net/insideHPC/european-processor-initiative-riscv
Fingers-crossed we can get these open-source chip on our personal computer/laptop soon as well.
1 Like