New Librem Revisions - Please Wait For Intel Icelake


#1

I just wanted to make it clear that Meltdown / Spectre is being addressed on a silicon-level by Intel in upcoming processors. I see no sense in pushing out a new line of Librems until these CPUs are released and properly installed, regardless of whether or not that pushes their release date to 2019 (it likely will).

It’s also worth continuing talks with Intel in the meantime and working towards an “ME-less design” that simply ships out without a Management Engine - reducing the workload Purism has to deal with and not having ANY remaining ME code or foundation. It’ll probably also get rid of bugs associated with the ME removal methods.

Best case scenario is we’ll have an ME-Less design by 2019 without the existence of Meltdown/Spectre.

Worst case scenario, Purism still has to remove the ME as best they can themselves, but at least we get a new line of more efficient processors (and all the new features that come with it) and these security issues will be correctly addressed at the hardware level.

The best / worst-case scenarios entirely depend on Purism’s ability to negotiate with Intel. But even if Purism can’t get anything done with them, at least we’ll get a processor with Meltdown/Spectre completely fixed and no longer need to rely on microcode and kernel patches, or live with the performance hit and bugs associated with them. And of course as usual we get the improvements that come with it - Icelake has some pretty big rumored ones - highlights being that it’s just overall more efficient and will get a sizeable upgrade to the integrated graphics.

I’m hoping it’ll have hardware support for AV1 as well, as the industry will be moving from H.264 AVC to AV1 over the coming years in all likelihood. Hardware support for it will mean less lag and CPU power wasted on decoding videos and far less time encoding as well, if you do that. However, I understand that’s a real stretch, being that the bitstream freeze just happened not long ago, and the first hardware to officially support it will likely not come out until mid 2019 onward.

I also kind of hope Purism will make (a perhaps limited supply of) Icelake-based Xeon models available so that those of us willing to pay a bit more for a Xeon and get ECC DDR4 memory with TRR enabled (please do your reading on the memory - this is important to those of us that want rowhammer mitigations - ECC DDR4 with TRR is the best there is, it seems) will be able to - but I know that’s also a stretch so I won’t hold my breath.

I just wanted to say all of this because I just don’t want Purism to jump the gun on a new release. There’s tons of reasons to simply hold on and wait for Icelake rather than blow resources on a new revision too early. I think it’s fine to just stick to the current revisions until a major CPU change like this comes out.

Thanks.


#2

I’d pay more for the option to have ECC DDR4 memory as well.


#3

Yeah, I think several of us would.

I understand that it’s lower-demand and all, but in that case just have a limited supply of Xeons and ECC for those of us that do want it.

In the case of rowhammer, it needs to be specifically a type that also has TRR hardware support; I feel that’s an important thing to note. As I understand it, TRR is a specific technology that you won’t necessarily get even if you purchase ECC memory. TRR is apparently only present in specific models from specific brands.

There are, of course, other reasons to want ECC that aren’t related to rowhammer as well - from the viewpoints of both security and reliability.

That’s my understanding, anyway.


#4

I fully understand the approach. And I guess, to wait is the only possible and feasible solution.

But I have a question:
When it comes to the Spectre and Meltdown disaster (while we’re now waiting on the 8 “Next Generation” vulnerabilities), one thing seems to be for sure:
In contrast to AMD, Intel decided to give a shit on security in their preemptive prediction pipes, optimizing solely on speed, ignoring safety in an irresponsible way, to keep an anyhow overwhelming market share. This generated a pretty unfair competition situation against AMD. By sacrificing security Intel always seemed to have the faster CPUs.
So I ask myself, why do you want to support such an attitude by staying with Intel? Why is AMD not considered as an alternative?


#5

From what I’ve read, it’s mostly because there’s more reverse engineered stuff on Intel than on AMD CPUs. And AMD has mostly the same privacy and freedom related issues as Intel CPUs have.


#6

Just some minutes ago, I read something about the possible RISC approach here in the forum - so switching from worst (Intel) to worse (AMD) maybe was not the best suggestion…