No matter how “secure” and “open” you do, Intel already placed ME technology (hardware backdoor) into the northbridge, so they can spy and do whatever they want on all modern PCs. The solution is to take back old PCs (Pentium 2-3-4) and use those.
Futile is a bit extreme, since “futile” means to not even try. Our approach is multi-faceted, and lengthy, but we feel like each battle we push on has the potential to win the war. We are WELL aware of the Intel ME (we write about it regularly), we put out a petition which saw over 1000 signers, we have submitted that petition to our account manager at Intel, and will continue to discuss having Intel themselves allow for an ME-less design. While I respect the solution you propose, all other methods of reaching the same goal of CPU freedom should not be discounted as futile.
A chain is strong if EACH ring is strong. Put 99 rings of steel connected to one ring of butter and the chain will break, because the ring of butter will break so easily. The ring of butter is the ME technology that allows breaking the chain of steel. They know how to do it and they did. Your chain (Purism) is useless for privacy because ME skips any kind of protection and goes directly to read the whole RAM of the PC.
Do you have 1000 signers of your petition? You can have one million, one BILLION, but do you REALLY believe Intel will give you any kind of attention? On one side there are you, a few brave people; on the other side there is the NSA and all the economic and political power of the USA: they just make a call and Intel runs and jumps like a trained dog… It is at least naive to think that Intel will give you attention. Really, you have NO option AT ALL to win the battle; you can discuss with Intel until hell freezes over, but they will always stay at the feet of the USA government. I am not against you, I simply face the actual situation and hope everyone who gets your hardware knows that they are buying a steel chain with a butter ring.
Really, at the beginning I was attracted by the Purism idea, but as soon as I read “i7” as the CPU, I smiled bitterly and thought “nice fail”.
My idea is that you failed from the beginning because you decided to use evil hardware, and worse is that you know it and chose it all the same: do you work against evil or for evil? If you don’t know, I can forgive, but if you know, it means you are a “partner” of evil. Oh yes, you have to face the commercial side (idiots out there want a powerful CPU and i7 is a good brand, but those who really care about privacy don’t care about i7). As a last analysis, I think you made a trade-off between privacy and market, but privacy is binary: either it is there or it is not: security at less than 100% means 0% security.
I still think Purism is a futile effort as long as you persist in using “defective-by-design” Intel hardware. It would be better if you started to search for another CPU: PowerPCs are not so bad even though they are “old”.
Solution? There are some, but not for the typical goofy user out there.
A. Use OLD hardware, let’s say old PowerPC, 68000, Pentium 3-4, AMD monocore, etc.
B. Use an alternative CPU such as MIPS or ARM.
Anyway, A and B are workarounds: only if all the code is readable is there the possibility to control it. The real last solution is to use a softcore on an FPGA and make GNU/Linux run on top of it. Of course that kind of system will be so slow that it takes the user back to the 1990s, with a CPU equivalent to a 486 at 25 MHz. I would be ready to use it if it preserves my privacy, but I am one of the very few who think this.
good luck (to your customers)
I actually need a computer that is usable. So the “workarounds” suggested wouldn’t really do much for me. Acknowledging that there’s a problem is only the first step in resolving it. Shooting down every means of addressing the problem without supplying a usable alternative has the end result of actually supporting the continued existence of the problem.
Beyond that, doesn’t Intel ME only work with an Intel NIC? This is from people who poked around and read what they could from the chips, not what Intel said. I’d hope AMD would step up and open all their stuff. That’d get them money, as I’d guess Purism would jump on those if AMD allowed their chips to run sans their version of ME.
Maybe!.. a Constitutional challenge would help here! And so!.. calling upon Richard Stallman’s/ FSF’s Legal Team to draw up a plan of action, might do, what Purism has been unable to do thus far!
The first question to be asked, is:… “Do prospective Purism purchasers have a ‘Right’ to an ME-less Librem design?” And if a court decision says YES, then the next question to be asked, is:… “Does Intel have a ‘Right’ to deny prospective Purism purchasers an ME-less Librem design (a court decision favoring prospective Purism purchasers, notwithstanding!)?” And if a court decision re this latter question is NO, then Intel may be “convinced” to make an ME-less Librem design available!
Please!.. no emails!
Thanks for your interesting comments.
We are currently working on designing our next device to be fully free and endorsed by the FSF. It would be a phone and we have launched a survey to get the people’s opinion about it. This kind of device requires less resources and makes the use of a less powerful fully free CPU possible.
However, making a fully free laptop with an old or slow CPU is, in my opinion, what would play the game of the “evil”, as you call it. But things are not just good or just evil. There is a middle way.
At some point I used to think your way and thought that my freedom would go through sacrifices, restricting myself, making my computer useless for anyone and even a pain to use for myself. I still agree that this is currently the only way for me to secure my digital life.
However, favoring the gap between digital freedom and the rest of the industry is not going toward our dream of global freedom and harmony, as it always tends to exclude the majority.
The average user doesn’t care much about the CPU brand in his computer, but mostly cares about usability. However, most of those users also do care about their privacy as well as about the ethics behind a company’s politics (what about planned obsolescence?). In that regard, I believe that the average user is currently the one doing the biggest sacrifice, sacrificing freedom for the comfort of usability, without always noticing it yet.
So instead of going in a way that excludes the majority by marginalizing our hardware, we wish to help everyone to move consciously to digital freedom by making hardware that is as free as it is currently possible for the speed and usability required by the majority (even in the world of free software users).
We are aware that the Librem is not yet perfect and has a weak ring in the chain and we don’t hide it from our customers, but it is a starting point (as well as being the ending point, as it is also the last ring to be replaced). Anyway, it is still a work in progress with one single goal in mind: Freedom for EVERYONE.
Companies like Intel don’t create nor buy mass consciousness (no one does), they just surf on it. They go where the profit is.
Now, imagine millions of Librem users supporting us because of our philosophy of Freedom while not having to lose their comfort of usability… It would be a sign for the big CPU manufacturers that there is a market for fully free modern computers, so the first manufacturer freeing their CPU would access this market straight away. We are not attached to Intel so we could switch any time. If success is there, at some point, why not start developing our own free CPU based on an existing free design? This is a real dream of mine anyway!
Your solution assumes that for everyone, modern day computing that’s sufficiently different from web browsing, can be adequately done on a Pentium. That’s not the case.
I don’t think the goal is perfect security. If the goal is to maximize user security while minimizing the inconveniences+unusability, then this laptop is worth the money.
Maximizing security alone results in booting from a libreboot X200, not using a cellphone or a credit card. Minimizing inconveniences alone means OS X or Windows.
I think what they are doing is awesome because, as they already said, it is not fully free yet, but they are working on it, and this is a good start and the community should support them.
About what Francois said:
“We are currently working on designing our next device to be fully free and endorsed by the FSF. It would be a phone and we have launched a survey to get the people’s opinion about it. This kind of device requires less resources and makes the use of a less powerful fully free CPU possible.”
This is true, but please consider using a faster fully open source CPU that is available (Snapdragon 821 or so?), because applications need power. As I understood, and what I hope, the OS will be the desktop version (maybe optimized) with a touch-friendly DE; then imagine, for example, that Firefox with all the privacy add-ons needed requires faster memory and power to run without feeling like you have a 386.
I’m following you guys, I really love your mission, and I hope you keep involving the community about the phone and future projects.
Thanks a lot for your support! Getting where we want to get is indeed a global effort.
I will wait for the Olimex laptop based on ARM: https://www.olimex.com/Products/DIY%20Laptop/. I prefer to run the risk of being spied on by a Chinese CPU than to be sure of being spied on by a USA CPU.
At the risk of being accused of necrobumping this very old thread, I mention that OpenPOWER is open. The practical problem to building laptops based on such chips is everyone has to recompile for that hardware, right?
Although…Ubuntu runs on POWER, and Ubuntu, like PureOS, is a Debian derivative. So, the problem for freedom-oriented device manufacturers is CPUs in their devices have to interface with a wider array of “blobby” firmware than processors found in servers?
Is that a fair assessment?
Based on this thread, it looks as though this is no longer an issue: Intel had to make closing the ME back door possible (for the NSA…they want back doors everywhere else, but not in their own systems!) and Purism now fixes this vulnerability in its laptops. Re compiling everything for different hardware, the effort would be worth it if it were necessary (presumably the distro could still be based on Debian’s source packages, so it would probably be a time-consuming but relatively straightforward mission)…but in this case it just doesn’t seem to be necessary.
Absolutely correct - IME is neutralized now (I was commenting on a very old thread which began at a time before the IME work was complete), but Purism is on a journey, and there are things running at CPU rings below level 0 that remain of concern (see Minix unknowingly running on Librem Laptops?). Since the original poster mentioned “old PowerPC” architecture, I thought I’d noodle about the open nature of the current OpenPOWER and muse about why it may or may not be a viable alternative to Intel CPUs.
There’s no problem with recompiling. I personally would love to have an ARM64 (or fwiw any other power-efficient SoC) based laptop. It’s just that ARM SoCs are even more closed than x86. So they are used in vendor-locked mobile devices with off-the-tree drivers.
OpenPOWER is an architecture, but is there any existing SoC suitable for a mobile device? E.g. something which can run on a 4Ah battery for 10+ hours and support all the modern busses/sensors/etc.?
A couple of things:
- There is no relatively recent hardware being sold by anyone else that has had this soon to be exploitable hole already patched (the ME).
- There are no other laptops that have hardware kill switches for the microphone/webcam and bluetooth/wifi. That in itself already places the Librem line in a league of its own with respect to your privacy. If you can find a laptop without a webcam / microphone, I’d be surprised.
- The fact that everything else is as open source as it can be at least makes that stuff auditable.
- If you really want to be spied on by China more than the US, have fun with that.
I don’t know the answer to that question. I confess I was thinking of laptops, not handheld devices. I spent a few minutes today looking at https://openpowerfoundation.org/ and a few other places, and see that the implementations are SoCs, but they are suitable for server and HPC type applications. I didn’t quickly find anything on power consumption. My guess is laptops and handhelds were not the first things they had in mind.
That was my understanding too. So now, no power management (mobile and handheld devices support), no consumer-level peripheral support (e.g. graphics accelerators) - such a configuration is a doubtful asset for an average home user.