Anti-ME anti-UEFI anti-backdoor CPU

Isaac Collins

I have a pre-PSP and pre-UEFI AMD but am thinking of downgrading.
I am scared of backdoors, the older hardware the better. And AM2/AM3 CPUs are overpowered, they are too fast for most tasks. Is socket 939 safer? Or should I go even older?

How about we create some guidelines/FAQ that will say how each CPU family (Intel, AMD and other architectures) is unsafe and backdoored? And also let's point out what the performance and capabilities (SSE2, 64 bits, etc.) of each processor family are. I am afraid an SSE2-capable CPU is a must to run most software.

Also, what do you think of splitting online and offline activity with two separate machines? But then, won't that be uncomfortable to use? It will be a pain to move data between both machines. For example you read something on a webpage (using the online machine) and then want to copy some text from the webpage into a document (that you have on the offline machine). Maybe something using Virtual Machines would be a better solution?
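
A small audit for the properties this thread keeps coming back to (UEFI boot, an exposed Intel ME host interface, SSE2 and 64-bit support), as an added example that is not part of any post. It assumes an x86 Linux host; the function names and the sample `/proc/cpuinfo` text are constructed for illustration.

```python
"""Report firmware/CPU traits of a Linux host: UEFI boot, Intel MEI, SSE2, 64-bit."""
import os
import re

# Constructed sample in /proc/cpuinfo format (not taken from a real machine).
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: AuthenticAMD
model name\t: Example AM2-era CPU (constructed)
flags\t\t: fpu vme de pse tsc msr pae mmx fxsr sse sse2 ht syscall nx lm 3dnow
"""


def cpu_flags(cpuinfo_text):
    """Return the feature-flag set of the first CPU listed in cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()


def audit(cpuinfo_text, sysfs_root="/sys"):
    """Summarise what the running kernel exposes; sysfs_root is overridable for tests."""
    flags = cpu_flags(cpuinfo_text)
    vendor = re.search(r"^vendor_id\s*:\s*(\S+)", cpuinfo_text, re.M)
    mei_dir = os.path.join(sysfs_root, "class", "mei")
    return {
        "vendor": vendor.group(1) if vendor else "unknown",
        "sse2": "sse2" in flags,
        "64bit": "lm" in flags,  # "lm" (long mode) marks an x86-64 capable CPU
        # /sys/firmware/efi exists only when the kernel was booted through UEFI.
        "uefi_boot": os.path.isdir(os.path.join(sysfs_root, "firmware", "efi")),
        # Entries such as mei0 appear when the kernel's MEI driver has bound to the
        # ME host interface. An empty result does NOT prove the board has no ME.
        "mei_interface": os.path.isdir(mei_dir) and bool(os.listdir(mei_dir)),
    }


if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_CPUINFO  # fall back to the constructed sample off-Linux
    for name, value in audit(text).items():
        print(f"{name:14} {value}")
```

The result only reflects what the operating system can see: a legacy-BIOS boot and a missing MEI device node describe the kernel's view, not the contents of the firmware flash.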

Brandon Rogers

Or maybe should nuke x86 and move to something else?
But how to run existing software and everything? In an emulator? That's going to be slow.

Gavin Long

>But then, won't that be uncomfortable to use? It will be a pain to move data between both machines.
just network them and firewall it on both ends. make sure the offline computer has no direct internet access or it's only available through a proxy that isn't on a default port.

Brayden Price

There are some ARM boards that can run without blobs, so long as you don't need the GPU. Someone listed them in a recent thread (sorry I don't have url). They should run most software for *nix. For Windows stuff like games or whatnot, you'll probably need a separate machine that's without network (disconnect wifi radio/antenna if you can't remove the card). To transfer data, optical disk works and also gives you a backup. USB flash/disk is more risky.
It's not ideal, but it's better than having a full botnet Intel/Windows machine connected to Internet. I'll be uncomfortable if you're constantly moving data back-and-forth though.
Another option to transfer data is to use an intermediary tightly-controlled system from old hardware, connected via serial ports only. This acts as a file store or BBS you can send/receive stuff over zmodem or similar protocol, and doesn't allow anything else (and especially doesn't route TCP/IP). But it will be slow if you want to send big files, even at 115200 baud rate.

Joseph Ortiz

>anti-ME anti-UEFI anti-backdoor CPU
AMD FX-83xx FX-63xx
Last decent CPUs without hardware backdoors.

Dominic Cox

Shit thread. Stop LARPing about being a leet NSA avoider. If you had any fucking clue what to do about anything, you'd be doing it.

Gabriel Cook

>AMD FX-83xx FX-63xx
>Last decent CPUs without hardware backdoors.
How do you know they don't have backdoors?
They don't have PSP/ME or UEFI (mobos), but they could contain other backdoors. Also they have huge TDP/heat/power. And they are too fast anyway. Who would need so fast CPU?

>Shit thread. Stop LARPing about being a leet NSA avoider. If you had any fucking clue what to do about anything, you'd be doing it.
Fuck you FBI nigger. We're moving from PSP/ME and UEFI and you will be able to do shit to us.

Owen Richardson

nigger I have 3 libreboot machines; an intel atom board, the D945GCLF; an X200, for a laptop; and a KGPE-D16 server

Carter Morris

>Who would need so fast CPU?
You are retarded.

Caleb Perez

There is only one way to avoid the NSA. Get rid of your computer. There is no other way. Libreboot will not help you.

Colton Phillips

so if you're so skilled why you sage and negate the thread instead of giving advice?

<Who would need so fast CPU?
>You are retarded.
Care to explain?
I do most things that can be done on PC, including CPU intensive things like video encoding, and I think FX cpus are overpowered. I don't understand why 90% of people would need CPU as strong as FX's.
The only thing that is slow no matter what CPU I feed it to is web browsing - and I don't mean how fast page loads, I mean how slow and shit, non-responsive browser is.

<There is only one way to avoid the NSA. Get rid of your computer. There is no other way. Libreboot will not help you.

YES GOYIM you cannot run from us, just accept us and install Google chip under your skin, there is no difference if you use non-ME non-UEFI PC and 2017 botnetted PC with Microsoft Windows 10

Jordan Campbell

If there is no way then why did they invent ME and UEFI backdoors? Why did they need them if you claim that they already had everything?

Why did Truecrypt work and they were unable to decrypt people's drives?

Gavin Perez

Hackers manage full access to Intel ME via USB
https://www.golem.de/news/security-hackern-gelingt-vollzugriff-auf-intel-me-per-usb-1711-131065.html
Security researchers who have been analyzing Intel's Management Engine (ME) for more than a year now report: "Game over!" for Intel. Researchers have full debug access to the ME via a dedicated USB interface.
For about a year, the researchers of the security company Positive Technologies have caused a stir with their reverse engineering of the Intel Management Engine (ME). Recently, the researchers succeeded in executing unsigned code on the ME. Details will be presented at Black Hat Europe in early December. Maxim Goryachy, who is involved in this work, now reports on Twitter: "Game Over!", because the team has apparently managed to gain full access to the ME.
According to the rather brief announcement, the researchers have access to the functions of the ME via JTAG. The latter is a standardized method for debugging hardware and any integrated circuits during operation and thus also for changing their mode of operation. For this JTAG access, the team also probably uses the USB Direct Connect Interface (DCI) from Intel.
The DCI is intended primarily for the manufacturers of embedded systems with Intel chips and is used for a comparatively simple debug access to the hardware. Thus, the current UEFI and the hardware such as CPU or the so-called Platform Controller Hub (PCH) of the supported devices can be easily analyzed via USB 3.0 cable. The review of the actually specially protected ME and especially the complete programming access via JTAG are probably not planned.
For devices that have DCI enabled despite an explicit warning from Intel, an extremely far-reaching attack can be constructed from these findings. The security researchers have already been able to locate some of these devices. Neither users nor the operating system in use have any way to detect or avoid this attack. Since the ME itself has full access to RAM and CPU, passwords or private keys can be read out and transferred.
ME may jeopardize safety
The Positive Technologies team also found out this year that the system was apparently derived from Minix, for which Minix inventor Andrew S. Tanenbaum thanked Intel. However, in an addendum, Tanenbaum also writes: "Many people, including me, do not like the idea of an omnipotent management engine at all, because it's a potential security hole and a dangerous idea in the first place."
Google's coreboot developers are therefore working with colleagues from Cisco and other companies to make the Intel ME and other proprietary firmware components as harmless as possible and, if possible, replace them with free software. The manufacturer Purism also sells equipment with its Librem laptops on which the ME is completely switched off. The ability to shut down the ME has also been discovered by Positive Technologies researchers this year.

Hudson Jenkins

Oops - Forgot the twitter link
https://twitter.com/h0t_max/status/928269320064450560

David Johnson

Here's a list I've been making with the help of halfchan.

Findings so far
x86:
For desktops, there's lots of C2Ds and atoms listed, but also some very nice opterons and apparently an iMac
https://libreboot.org/docs/hardware/#desktops-amd-intel-x86
https://libreboot.org/docs/hardware/#serversworkstations-amd-x86
For Laptops, you have the CD and C2D memepads
https://libreboot.org/docs/hardware/#laptops-intel-x86
Purism doesn't do libreboot, but their roadmap includes this as a future goal.
https://puri.sm/learn/freedom-roadmap/

ARM:
Obviously there's a shit ton of SBCs (Pi, Olimex, etc).
For a laptop option with an open firmware, try ARM Chromebooks.
I'm dead serious. Open it up, unscrew the write protection screw, reflash coreboot, install loonix of choice.
https://www.coreboot.org/Chromebooks
In general, your biggest concern with ARM is the GPU drivers.
Mali is fucked. Don't use it. PowerVR too. Vivante GC, Qualcomm Adreno, and Broadcom VideoCore are fine.
https://en.wikipedia.org/wiki/Free_and_open-source_graphics_device_driver#ARM
Some anons have reported that lighter environments like XFCE are usable on stuff like Mali without the driver, but it's not ideal.
One user said he couldn't remove the ChromeOS on his libreboot C201. This github issue talks about a solution.
https://github.com/altreact/archbk/issues/3

OpenPOWER:
Raptor Engineering sells POWER9 workstations, that may soon be getting RYF certification.
They're expensive as fuck, but probably the most powerful non-botnet computers that exist.
https://www.raptorcs.com/TALOSII/

PowerPC:
Here is a project for a Libre PowerPC laptop, shooting for RYF certification.
https://www.powerpc-notebook.org/faq/

MIPS:
The /csg/ of desktops. Lemote is a chink company that sells libre MIPS boards, using PMON firmware.
http://www.lemote.com/html/product/

RISC-V:
Only SBCs here. SiFive has some.
https://www.sifive.com/products/freedom/
There's also LowRISC
http://www.lowrisc.org/

Adrian Long

>asks for advice about botnet
<leave computers. libreboot will not help you.
<aka actual advice
HURRRRRRR DURRRRR FBI NSA CIA ABC DEF TRYING TO BUTTDOOR ME XDDDDDDDDD

Nicholas Hughes

new CPUs aren't even getting faster, they just get more features, instruction set extensions, maybe some bigger caches, etc. you need the latest CPU to run goy apps because they're bloated pieces of shit that have been QA'd/debugged into existence using only the latest most popular hardware. i have several 10 year old machines and they are still in the multi GHz range and can run extremely intensive applications, yet cannot run something like agar.io, hipchat, discord, skype, etc without a terrible user experience

Asher Price

10 year cpu can easily do video encoding, 3D modeling, graphics/video editing, using old optimized software. but somehow it's not possible to smoothly run (((modern))) web browsers on same cpu

Charles Roberts

javascript and vp8 is the only difference between modern processors and athlon/pentiums of old in terms of general performance
we still can't multithread everything

Jack Hill

You don't have to multithread everything. Stop trying to cram everything into web browser and just use the native hardware and OS. Then, your stuff runs plenty fast, even on a decade old machine. And if it's still slow, you can get rid of stupid desktop environment bloat and just use a plain old window manager. Even an old i386 Pentium 4 should be fast enough today for most tasks (maybe not video editing, but not everyone needs that).

Jaxon Lopez

how long does it take to compile gentoo on an old i386 pentium 4?

Robert Wright

About 2 weeks. Those things only have like 16mb RAM.

Josiah Williams

I doubt the kernel will take much longer than a couple of hours. It's all the other software you compile (like web browsers) that might take days.

Nolan Reed

Dunno, but I used to build OpenBSD kernel & userland overnight on weaker hardware (Pentium II). It didn't take all night either, just several hours.

My 33 MHz 486 maxed out at 16 megs. My last i386 was a P4 with 512 megs, and that mobo could take 1 gig (and it wasn't anything fancy at all).

This. Most Unix software is pretty lean, and I built all kinds of stuff on my 486 (which I only had 8 megs on). But when they started doing all this bloated desktop and browser shit, even powerful machines take a while. If anything this makes lean software much more desirable, since you can comfortably build it yourself on old non-botnet hardware. That's in addition to it being easier to audit, etc.

Noah Rivera

what is compiler

Christopher Cox

it's "computer," retard

Asher Kelly

Pqoeojfxownsuhxueldocuhrkixwpwkfic

Jason James

>anti-botnet cpu
The only one you can get like that is the one you make yourself
/thread

Jack Mitchell

I don't even have enough computer to do that.

Adam Sullivan

>new CPUs aren't even getting faster
If you're comfortable with your Commodore 64, that's fine. But don't let feelz>reelz, grandpa.

Levi Wilson

Why do you want to run existing software in a different CPU? Why not fork your software and port it to the different CPU?

Brayden King

>I am scared of backdoors, the older hardware the better
older processors have vulns because they just didn't have sophisticated security.

Jaxon Butler

Those graphs clearly show that IPC is no longer improving in a significant way. A 0.4% improvement is not worth upgrading for.

Jack Cooper

x86
system management mode is the backdoor
powerpc and openpower
side channels and debug ports
arm
debug ports and system management mode like functions
RISC V
Debug ports
If you want to avoid hardware backdoors then avoid x86 and ARM based processors of any age. If you want to avoid software based backdoors you best use anything pre core2 duo x86 and anything pre ARMv7 for ARM. If you want secure hardware, it doesn't exist.

Christian Lewis

Those improvements add up, as you'll notice the first graph shows a 20% cumulative improvement from the ancient Core 2 chips you're talking about to modern ones, and the second graph shows the improvements can be several times greater yet for some applications. That's all without counting other improvements included in newer CPUs, like much more aggressive clocking thanks to process shrinks and better dynamic clocking, bigger caches, and faster system buses (particularly for RAM).

Such old x86 chips are so slow, you'd get better performance emulating it on a modern tablet SoC.

Eli Diaz

If you are going to upgrade to anything botnetted go to the intel haswell generation. As it is the last processor before the un-removeable version of ME and graphics blobs for intel gpu's. Haswell added more execution units to the processor for more throughput.

Christopher Martin

Oh gosh, people can do nasty things when they have physical access to the machine!

Tyler Garcia

Broadwell is fine too, (((Librem))) laptops are based on Broadwell chips that run free graphic drivers.

Michael Barnes

No need to get that old.

You can get an AM3+ FX-8370e, these are the 90w undervolted processors, specially binned for it. They are the best of the process and will overclock to about 4.4/4.6 GHz on air and will reach 5GHz on water. Much better than the FX-9590 which is shit because it will not go 5GHz on all four cores because of its settings, the 8370e will. This will make it run like the faster i5 from April this year, so still pretty good.

You can get the last fastest BIOS motherboard the GA-990FXA-UD3/UD5/UD7 with the lower revisions 1.0/1.1/1.2. They basically have all of the modern connectors present except for M.2 support. But add about 4 Samsung 850 Pro's/Evo's in RAID 0 and you will have M.2 speed with 2 GB/s read and write. Should not be too expensive now.

Then get 1866 DDR3 with the lowest CAS of 8 or 9. These have the best true latency and perform better than 2400 DDR with higher CAS that have shittier latency as well. The FX processors work better with 1866.

You can add any modern latest video card in SLI etc.

This will be a very fast system that can still play all modern games at good settings.

Ayden Sanders

>PSP/ME or UEFI (mobos),
Get GA-990FXA, they still have BIOS, FX-83** do not have PSP

Jaxon Morris

>And they are too fast anyway. Who would need so fast CPU?

And 640k should be enough for everyone.

Robert Howard

How is debug port a backdoor? That's like saying IMSAI and Altair are backdoored because you can view/toggle cpu registers at the front panel. It's only a backdoor if this capability is available to the entire world over the network, such as in the case of Intel ME.

Jackson Murphy

If you want to avoid SMM in x86, you have to go back to 80386 chips (and avoid the SL variant).
https://en.wikipedia.org/wiki/System_Management_Mode
