Anti-ME anti-UEFI anti-backdoor CPU

Isaac Collins

I have a pre-PSP and pre-UEFI AMD but am thinking of downgrading.
I am scared of backdoors, the older the hardware the better. And AM2/AM3 CPUs are overpowered, they are too fast for most tasks. Is socket939 safer? Or should I go even older?

How about we create some guidelines/FAQ that will say how each CPU family (Intel, AMD and other architectures) is unsafe and backdoored? And also let's point out the performance and capabilities (SSE2, 64-bit, etc.) of each processor family. I am afraid an SSE2-capable CPU is a must to run most software.

Also, what do you think of splitting online and offline activity between two separate machines? But then, won't that be uncomfortable to use? It will be a pain to move data between both machines. For example, you read something on a webpage (using the online machine) and then want to copy some text from the webpage into a document (that you have on the offline machine). Maybe something using virtual machines would be a better solution?

Brandon Rogers

Or maybe should nuke x86 and move to something else?
But how to run existing software and everything? In an emulator? That's going to be slow.

Gavin Long

>But then, won't that be uncomfortable to use? It will be a pain to move data between both machines.
just network them and firewall it on both ends. make sure the offline computer has no direct internet access or it's only available through a proxy that isn't on a default port.

Brayden Price

There are some ARM boards that can run without blobs, so long as you don't need the GPU. Someone listed them in a recent thread (sorry I don't have url). They should run most software for *nix. For Windows stuff like games or whatnot, you'll probably need a separate machine that's without network (disconnect wifi radio/antenna if you can't remove the card). To transfer data, optical disk works and also gives you a backup. USB flash/disk is more risky.
It's not ideal, but it's better than having a full botnet Intel/Windows machine connected to Internet. It'll be uncomfortable if you're constantly moving data back-and-forth though.
Another option to transfer data is to use an intermediary tightly-controlled system from old hardware, connected via serial ports only. This acts as a file store or BBS you can send/receive stuff over zmodem or similar protocol, and doesn't allow anything else (and especially doesn't route TCP/IP). But it will be slow if you want to send big files, even at 115200 baud rate.

Joseph Ortiz

>anti-ME anti-UEFI anti-backdoor CPU
AMD FX-83xx FX-63xx
Last decent CPUs without hardware backdoors.

Dominic Cox

Shit thread. Stop LARPing about being a leet NSA avoider. If you had any fucking clue what to do about anything, you'd be doing it.

Gabriel Cook

>AMD FX-83xx FX-63xx
>Last decent CPUs without hardware backdoors.
How do you know they don't have backdoors?
They don't have PSP/ME or UEFI (mobos), but they could contain other backdoors. Also they have huge TDP/heat/power. And they are too fast anyway. Who would need so fast CPU?

>Shit thread. Stop LARPing about being a leet NSA avoider. If you had any fucking clue what to do about anything, you'd be doing it.
Fuck you FBI nigger. We're moving from PSP/ME and UEFI and you will be able to do shit to us.

Owen Richardson

nigger I have 3 libreboot machines; an intel atom board, the D945GCLF; an X200, for a laptop; and a KGPE-D16 server

Carter Morris

>Who would need so fast CPU?
You are retarded.

Caleb Perez

There is only one way to avoid the NSA. Get rid of your computer. There is no other way. Libreboot will not help you.

Colton Phillips

so if you're so skilled why do you sage and negate the thread instead of giving advice?

<Who would need so fast CPU?
You are retarded.
Care to explain?
I do most things that can be done on PC, including CPU intensive things like video encoding, and I think FX cpus are overpowered. I don't understand why 90% of people would need CPU as strong as FX's.
The only thing that is slow no matter what CPU I feed it to is web browsing - and I don't mean how fast page loads, I mean how slow and shit, non-responsive browser is.

<There is only one way to avoid the NSA. Get rid of your computer. There is no other way. Libreboot will not help you.

YES GOYIM you cannot run from us, just accept us and install Google chip under your skin, there is no difference if you use non-ME non-UEFI PC and 2017 botnetted PC with Microsoft Windows 10

Jordan Campbell

If there is no way then why did they invent ME and UEFI backdoors? Why did they need them if you claim that they already had everything?

Why did Truecrypt work and they were unable to decrypt people's drives?

Gavin Perez

Hackers manage full access to Intel ME via USB
https://www.golem.de/news/security-hackern-gelingt-vollzugriff-auf-intel-me-per-usb-1711-131065.html
Security researchers analyzing Intel's Management Engine (ME) for more than a year now report: "Game over!" for Intel. Researchers have full debug access to the ME via a dedicated USB interface.
For about a year, the researchers of the security company Positive Technologies have caused a stir with their reverse engineering of the Intel Management Engine (ME). Recently, the researchers succeeded in executing unsigned code on the ME. Details will be presented at Black Hat Europe in early December. Maxim Goryachy, who is involved in this work, now reports on Twitter: "Game Over!", because the team has apparently managed to gain full access to the ME.
According to the rather brief announcement, the researchers have access to the functions of the ME via JTAG. The latter is a standardized method for debugging hardware and any integrated circuits during operation and thus also for changing their mode of operation. For this JTAG access, the team also probably uses the USB Direct Connect Interface (DCI) from Intel.
The DCI is intended primarily for the manufacturers of embedded systems with Intel chips and is used for a comparatively simple debug access to the hardware. Thus, the current UEFI and the hardware such as CPU or the so-called Platform Controller Hub (PCH) of the supported devices can be easily analyzed via USB 3.0 cable. The review of the actually specially protected ME and especially the complete programming access via JTAG are probably not planned.
For devices that have DCI enabled despite the explicit warning from Intel, an extremely far-reaching attack can be constructed from these findings. The security researchers have already been able to locate some of these devices. Users or the operating system used have no way to detect or avoid this attack. Since the ME itself has full access to RAM and CPU, passwords or private keys can be read out and transferred.
ME may jeopardize safety
The Positive Technologies team also found out this year that the system was apparently derived from Minix, for which Minix inventor Andrew S. Tanenbaum thanked Intel. However, in an addendum, Tanenbaum also writes: "Many people, including me, do not like the idea of an omnipotent management engine at all, because it's a potential security hole and a dangerous idea in the first place."
Google's coreboot developers are therefore working with colleagues from Cisco and other companies to make the Intel ME and other proprietary firmware components as harmless as possible and, if possible, replace them with free software. The manufacturer Purism also sells equipment with its Librem laptops on which the ME is completely switched off. The ability to shut down the ME has also been discovered by Positive Technologies researchers this year.

Hudson Jenkins

Oops - Forgot the twitter link
https://twitter.com/h0t_max/status/928269320064450560

David Johnson

Here's a list I've been making with the help of halfchan.

Findings so far
x86:
For desktops, there's lots of C2Ds and atoms listed, but also some very nice opterons and apparently an iMac
https://libreboot.org/docs/hardware/#desktops-amd-intel-x86
https://libreboot.org/docs/hardware/#serversworkstations-amd-x86
For Laptops, you have the CD and C2D memepads
https://libreboot.org/docs/hardware/#laptops-intel-x86
Purism doesn't do libreboot, but their roadmap includes this as a future goal.
https://puri.sm/learn/freedom-roadmap/

ARM:
Obviously there's a shit ton of SBCs (Pi, Olimex, etc).
For a laptop option with an open firmware, try ARM Chromebooks.
I'm dead serious. Open it up, unscrew the write protection screw, reflash coreboot, install loonix of choice.
https://www.coreboot.org/Chromebooks
In general, your biggest concern with ARM is the GPU drivers.
Mali is fucked. Don't use it. PowerVR too. Vivante GC, Qualcomm Adreno, and Broadcom VideoCore are fine.
https://en.wikipedia.org/wiki/Free_and_open-source_graphics_device_driver#ARM
Some anons have reported that lighter environments like XFCE are usable on stuff like Mali without the driver, but it's not ideal.
One user said he couldn't remove the ChromeOS on his libreboot C201. This github issue talks about a solution.
https://github.com/altreact/archbk/issues/3

OpenPOWER:
Raptor Engineering sells POWER9 workstations, that may soon be getting RYF certification.
They're expensive as fuck, but probably the most powerful non-botnet computers that exist.
https://www.raptorcs.com/TALOSII/

PowerPC:
Here is a project for a Libre PowerPC laptop, shooting for RYF certification.
https://www.powerpc-notebook.org/faq/

MIPS:
The /csg/ of desktops. Lemote is a chink company that sells libre MIPS boards, using PMON firmware.
http://www.lemote.com/html/product/

RISC-V:
Only SBCs here. SiFive has some.
https://www.sifive.com/products/freedom/
There's also LowRISC
http://www.lowrisc.org/

Adrian Long

asks for advice about botnet
<leave computers. libreboot will not help you.
<aka actual advice
HURRRRRRR DURRRRR FBI NSA CIA ABC DEF TRYING TO BUTTDOOR ME XDDDDDDDDD

Nicholas Hughes

new CPUs aren't even getting faster, they just get more features, instruction set extensions, maybe some bigger caches, etc. you need the latest CPU to run goy apps because they're bloated pieces of shit that have been QA'd/debugged into existence using only the latest most popular hardware. i have several 10 year old machines and they are still in the multi GHz range and can run extremely intensive applications, yet cannot run something like agar.io, hipchat, discord, skype, etc without a terrible user experience

Asher Price

10 year cpu can easily do video encoding, 3D modeling, graphics/video editing, using old optimized software. but somehow it's not possible to smoothly run (((modern))) web browsers on same cpu

Charles Roberts

javascript and vp8 is the only difference between modern processors and athlon/pentiums of old in terms of general performance
we still can't multithread everything

Jack Hill

You don't have to multithread everything. Stop trying to cram everything into web browser and just use the native hardware and OS. Then, your stuff runs plenty fast, even on a decade old machine. And if it's still slow, you can get rid of stupid desktop environment bloat and just use a plain old window manager. Even an old i386 Pentium 4 should be fast enough today for most tasks (maybe not video editing, but not everyone needs that).

Jaxon Lopez

how long does it take to compile gentoo on an old i386 pentium 4?

Robert Wright

About 2 weeks. Those things only have like 16mb RAM.

Josiah Williams

I doubt the kernel will take much longer than a couple of hours. It's all the other software you compile (like web browsers) that might take days.

Nolan Reed

Dunno, but I used to build OpenBSD kernel & userland overnight on weaker hardware (Pentium II). It didn't take all night either, just several hours.

My 33 MHz 486 maxed out at 16 megs. My last i386 was a P4 with 512 megs, and that mobo could take 1 gig (and it wasn't anything fancy at all).

This. Most Unix software is pretty lean, and I built all kinds of stuff on my 486 (which I only had 8 megs on). But when they started doing all this bloated desktop and browser shit, even powerful machines take a while. If anything this makes lean software much more desirable, since you can comfortably build it yourself on old non-botnet hardware. That's in addition to it being easier to audit, etc.

Noah Rivera

what is compiler

Christopher Cox

it's "computer," retard
