Michael Larabel over at Phoronix got his journalism on to produce this interesting story:
We were tipped off today that AMD's Head of Platform Firmware, Edward Benyukhis, publicly posted on LinkedIn that he is "looking to hire someone with solid Coreboot and UEFI background." If you have Coreboot experience or know someone who is, see LinkedIn for contacting Benyukhis.
Oh, and they're also one of the sponsors for the Open-Source Firmware Conference next week. Does this mean I may actually get to use a computer that isn't about to hit a decade old and without a functional hardware rootkit sometime soon?
(Score: 4, Informative) by RamiK on Monday September 02 2019, @05:13PM (5 children)
Coreboot and libreboot let you deprive the on-die microkernel from ethernet and usb drivers so it can't serve your system on a platter for the fab, fabless and affiliates. However, you still can't be sure about off-spec instructions that prefix the loading of signed & encrypted instructions so you can't run arbitrary (binary) code you haven't vetted. On paper, javascript should still be fine... But of course, we know better than that so that leaves you with a potential backdoor.
That's where OpenPOWER is different: The AST2500 running the (Open)BMC can be replaced by the vendor with something trustworthy like a DSP with a fixed length ISA and tight real time constraints or that's fabbed on a node big enough for you to verify with an electron microscope.
For a trustworthy CPU you're basically out of luck until the Mill's "exposed pipelines" become real. That is, when the compilers know how much time each and every operation takes, it will be possible to fuzz for hidden instructions on one core while running dummy threads on the others. So, when you stumble on something that shouldn't be there, a delay will occur that will throw your other threads out of whack. Ideally you'd also want to sample the output with a real logic probe to verify decoding isn't branching independently off the system clock... But that's for the EEs to figure out.
compiling...
(Score: 0) by Anonymous Coward on Monday September 02 2019, @09:46PM (4 children)
Do you really think the NSA wants to watch your porn that badly?
(Score: 2) by The Mighty Buzzard on Monday September 02 2019, @10:00PM
I dunno about his but mine's top shelf stuff.
My rights don't end where your fear begins.
(Score: 2) by RamiK on Monday September 02 2019, @10:25PM
In case you haven't noticed, the internet is going through an ol' school high-seas piracy age with government contractors on all sides buccaneering for profits and lolz and we're all just one leak [arstechnica.com] away from being exposed to their random ransomware worms.
compiling...
(Score: 2) by Immerman on Monday September 02 2019, @10:33PM (1 child)
Maybe not, but I suspect that they're extremely interested in keeping detailed tabs on everyone in order to spot the 1-in-10,000 individuals that might eventually threaten to bring some democracy to our government. And frankly, I want as many such individuals as possible to slip under the radar until they have a chance to do some good.
(Score: 0) by Anonymous Coward on Tuesday September 03 2019, @07:47PM
That's hate speech.
Why would you want anything different than what has been already planned for you and everyone else?
Do you think you know better than the cultural experts with degrees in Kweer Studees?