SoylentNews is people
SoylentNews
Libreboot Sees First New Release In Nearly 5 Years, Supports More Old Motherboards
Libreboot as the Coreboot downstream focused on providing a fully open-source BIOS/firmware replacement without any black boxes / binary blobs is out with a new release. The prior tagged release of Libreboot was all the way back in 2016 while has now been succeeded by a new release albeit in testing form.
Libreboot 20210522 allows more Intel GM45 / X3X era hardware to work with this fully open-source alternative to proprietary BIOS/UEFI firmware. New boards supported by this Libreboot release include the Acer G43T-AM3, Lenovo ThinkPad R500, Lenovo ThinkPad X301, and Intel G43T-AM3. Yeah, it's quite hard in 2021 to get excited about Socket 775 motherboards or 45nm Penryn laptops. Libreboot is largely limited to supporting these outdated platforms due to its focus on being fully open-source and not using any Intel FSP binaries, etc.
Previously: Replace your Proprietary BIOS with Libreboot
AMD to Consider Coreboot/Libreboot Support
Libreboot Applies to Rejoin GNU
(Score: 2, Interesting) by Anonymous Coward on Tuesday May 25 2021, @03:29PM (13 children)
One would think there would be enough of us paranoids that we could convince Intel or AMD to sell a batch of processors with the fuse bits clear and sufficient documentation for Libreboot to work. The entity that bought the lot of unlocked chips could make a decent markup selling them paired with boards running Libreboot, probably enough to fund development.
But it doesn't happen.
One would think we could get ONE Arm phone, tablet, etc. similarly unlocked. Other than Pinephone and Librem, both selling seriously obsolete chips, zero vendors have stepped into an obvious market niche.
Almost like an invisible hand around the throat of the marketplace. Somebody really likes their built in backdoor into every PC and server.
(Score: 0) by Anonymous Coward on Tuesday May 25 2021, @03:58PM (7 children)
POWER9 [raptorcs.com] is an option, although the price point is obviously out of reach for many people. Raptor Engineering actually did the work to implement several of the boards currently supported by libreboot.
Unfortunately Leah seems very good at pissing off everyone who tries to work with her, which does not inspire confidence in the long-term future of libreboot as a project. Getting this release out helps to restore that confidence. I wish her the best of luck.
(Score: 1, Insightful) by Anonymous Coward on Tuesday May 25 2021, @07:53PM (5 children)
Leah Rowe actually signed the pro-Stallman open letter over on github when that became a thing. I had to do a double-take, but despite that rather public controversy over the FSF/GNU trans employee who got fired, she's come out backing him over lambasting him. Thought that as an interesting bit of trivia for anyone hear who hadn't noticed it before.
With that said, I think open firmware in the x86 ecosystem as well as peripheral devices is effectively dead, and show of starting up an entirely new technology base we only have less and less security and anonymity to look forward to in our hardware going forward. Everything is leaking UUID or device serial numbers now so without operating systems intentionally designed to sanitize that information and assurances that backdoor 'identification instructions' aren't included, there is no way to have user-trustable hardware using modern systems anymore.
(Score: 3, Interesting) by bzipitidoo on Tuesday May 25 2021, @09:44PM (4 children)
On that note, I just received yet another menacing "copyright infringement" notice today. Said they've continued to receive complaints. My ISP put my account on "quarantine", as if a few accusations of piracy is grounds for suspecting my computers might be "sick". Forced me to click on a button to acknowledge that I had received the warning, before restoring service. I thought at first it was a technical problem, and am angry to learn it is actually a political problem.
I am not sure what to do about it. Talking to the ISP seems totally pointless. Their warning was packed with doublespeak, of which that word "quarantine" is an example. I can change to a different ISP. Perhaps that would clear the record. Ideally, I'd like to see ended permanently all pretensions that these "owners" think entitles them to monitor and accuse people of piracy, and think gives them the right and moral justification to shut down Internet service. We know their fondest wish is that the entire Internet be shut down. I'd like to see copyright ended instead.
I am also feeling considerable hesitance about buying a newer car. I don't want my car to spy on and monitor me, nor record my every move. Airline pilots live with black boxes, but commuters shouldn't have to, not until a lot of protections are in place. I can imagine a scenario in which a police officer pulls me over, and asks "Do you know how fast you were going?" and my car responds, "Yes, officer, I gave him a verbal warning that he was exceeding the speed limit by 11 mph" and, bam! Speeding ticket! Then it might come out later that my car was mistaken about what the current speed limit was, and that the cop knew I wasn't speeding but had tried that question just to fish for an admission of guilt and had actually pulled me over for something else, a burnt out taillight or some such. But it wouldn't matter, it'd be after the fact. I'd operate on that traitorous car to disable that crap before I drove it again. How far back do you have to go to escape self-monitoring cars? 1980s? Even older than that?
(Score: 0) by Anonymous Coward on Wednesday May 26 2021, @02:23AM (1 child)
Most any car with an airbag (which fires based on an accelerometer signal) will have some "black box" capability that can be read by someone (often only the airbag controller manufacturer, iirc).
(Score: 0) by Anonymous Coward on Wednesday May 26 2021, @05:25AM
A number of people sued manufacturers because their airbags fired improperly or other safety equipment malfunctioned. In that situation, it wasn't even he-said/she-said but the driver claimed one thing and it was next to impossible to prove they didn't with the closest being experts arguing both ways. Not surprising the manufacturers voluntarily started to add them to cars.
(Score: 2) by Reziac on Wednesday May 26 2021, @03:13AM (1 child)
Why bother with the cop and the ticket... just have the black box report you directly, and disable the car until you pay the fine!
Had my ISP do something similar ... told me I'd been naughty for downloading something I'd never even heard of.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 0) by Anonymous Coward on Wednesday May 26 2021, @05:37AM
We had something like that at the office. IT got a warning that a certain IP of ours was seeding a ton of torrents. We looked through the machines and all the logs to no avail. Finally, we asked which of our addresses it was that was being bad, to try and narrow down the machine that could have caused the problem. So they reply that it is an IP address that we are not assigned statically or dynamically. That was a real headscratcher for ourselves and the person on their side that responded to our escalation of the claim. That particular address is in their AS but wasn't assigned to anyone at the time the complaint covered. Apparently, according to them, that isn't uncommon because they routinely get complaints for all sorts of situations where it would be impossible for that address or customer to be infringing.
(Score: 0) by Anonymous Coward on Wednesday May 26 2021, @08:10PM
It's a dude, man!
(Score: 2) by Immerman on Tuesday May 25 2021, @05:46PM (3 children)
Heck, seems like the "obsolete" phones don't sell all that well, you really think increasing the price dramatically would improve the situation?
Most of the "paranoids" I know care far more about security than the latest and greatest features and performance, to the point that using "obsolete" hardware is hardly even a concern in comparison. I mean, what do you need the latest and greatest phone for? To be able to run the latest apps with who knows how much spyware built in?
I seriously doubt there's that many "slightly paranoids" out there that would rather use new hardware than secure hardware, but would be willing to pay the substantial premium for new, secure hardware. (There's always a substantial premium for niche hardware, economies of scale an all that)
The only potential large-scale clients I can think of would be national governments, security agencies, etc. And seeing how they're the very ones suspected of getting back doors, etc. installed in the first place, it'd look incredibly suspicious if they went out of their way to avoid that hardware. To the point that they'd probably lose a substantial amount of their presumed surveillance capacity over their most "interesting" targets, most of whom are likely at least mildly paranoid.
(Score: 1, Insightful) by Anonymous Coward on Tuesday May 25 2021, @09:08PM (1 child)
Well if no new product becomes available, what is a barely usable ten year old PC will soon be a twenty year old one. We gotta find a way or they win. They can just wait us out, wait for the old hardware to fail.
(Score: 2) by Immerman on Wednesday May 26 2021, @02:33AM
Of course if that's "their" goal, then they're hardy likely to make it easy for us to produce open hardware, are they? Especially when those cutting-edge features are what gives them their market edge.
My impression is that the open hardware folks pretty much work on a combination of
- reverse engineering control of hardware-level features of old hardware, which will always lag well behind the proprietary stuff since reverse engineering undocumented hardware is usually a major undertaking, and
- using newly manufactured versions of old hardware that's been well documented through either reverse engineering, or an increase in documentation as hardware manufacturers release more documentation to increase the value of old chips for niche products.
Which is pretty much exactly what you would expect. The open hardware people could theoretically develop their own version of well-documented cutting-edge hardware, but doing so costs a lot of money, which is usually in short supply. And invites competition from cheap clones developed from well-documented designs, which further shortens the money supply for future projects.
Basically, the poor documentation of proprietary designs seems to emerge as a natural consequence of the economic system we operate in, no great conspiracy needed. The chip developers have mostly learned well from the PC Clone Wars, and now do their best to keep the makers of cheap clone hardware as far behind as possible. That the rest of us lose out as a side effect is no concern of theirs. And if the situation also opens the door (so to speak...) for secretly adding "features" to cater to shadowy organizations? Well I'm sure they're all as pure as driven snow and would never consider actually doing such a thing. They're Capitalists after all, shining beacons of virtue and hope...
(Score: 0) by Anonymous Coward on Wednesday May 26 2021, @12:54AM
> the latest and greatest features
As long I can turn them off, I'm happy to have these.
(Score: 0) by Anonymous Coward on Wednesday May 26 2021, @05:59AM
AC writes: "One would think there would be enough of us paranoids that we could convince Intel or AMD to sell a batch of processors... But it doesn't happen."
It sort of did. And the bunch of paranoids work at the NSA. It is called the High Assurance Platform (HAP) and you can read about it at https://en.wikipedia.org/wiki/Intel_Management_Engine#%22High_Assurance_Platform%22_mode [wikipedia.org] and https://www.csoonline.com/article/3220476/researchers-say-now-you-too-can-disable-intel-me-backdoor-thanks-to-the-nsa.html [csoonline.com] and https://www.theregister.com/2017/08/29/intel_management_engine_can_be_disabled/ [theregister.com]
But it does not disable all of IME :-(
"Almost like an invisible hand around the throat of the marketplace. Somebody really likes their built in backdoor into every PC and server."
And that invisible hand could be the same people who wanted the High Assurance Platform ;-)