I am looking to build a Linux gaming machine with open source firmware and Intel ME disabled. Is this viable?

  • Captain Aggravated
    link
    fedilink
    English
    1018 days ago

    My understanding is there are few desirable motherboards that support Coreboot.

    Don’t like Intel Management Engine? or processors that shit themselves? go AMD.

    • @[email protected]
      link
      fedilink
      English
      2218 days ago

      AMD has the Platform Security Processor. While it supposedly doesn’t have network access, it’s still a block box with full access to all memory.

      • @TMP_NKcYUEoM7kXg4qYe
        link
        517 days ago

        As far as I know it’s also less documented. People have dug really deep into Intel ME that they even found a bit that disables most of the ME.

        On the other hand AMD is planning to use coreboot compatible open firmware in the next EPYC generation. Knowing AMD, it will eventually come to the consumer market too. (We’ll see if it will be available before Red Hat drops x11)

        Also there was a phoronix article recently that Intel is too messing around with Coreboot on Xeon.

    • sunzu2
      link
      fedilink
      118 days ago

      What would be an example of a desirable mobo and what is the benefit of the coreboot?

      Any am4 options?

      • Captain Aggravated
        link
        fedilink
        English
        317 days ago

        By “desirable motherboard” in this context I mean a standard ATX (or standard size variants) motherboard with a currently supported socket and chipset commonly available on the consumer market. To run Intel 13th or 14th gen, or Ryzen 7000 or 9000. I don’t know if you can just buy an MSI or Asrock etc. board and expect to run Coreboot on them.

        What’s the advantage of coreboot? Soothes paranoia mainly. Both Intel and AMD platforms have little black boxes in them that run a separate little OS beneath Windows or Linux that has Ring 0 or similar low-level access to the hardware and could theoretically man in the middle anything done on the machine. Intel’s is MINIX based, it’s called the Intel Management Engine, and it genuinely is a little bit bile inducing reading what it has access to. AMD does have a simlar technology.

        In terms of performance, system stability etc? Very little. Once the kernel is loaded and in control of the hardware the BIOS doesn’t effect much AFAIK.

        I’m not very familiar with it but I’ve not heard much about even AM4 boards being supported. I think of Coreboot (or it’s completely binary blob free fork LibreBoot) and I think of either Purism or System76 and in both cases for their laptops.

        ===

        This kind of thing (the “main” operating system is built atop a secret basement full of god knows what) isn’t restricted to x86 either. On a Raspberry Pi, Linux running on the ARM cores is a second class citizen to ThreadX running on the VideoCore processor.

        • sunzu2
          link
          fedilink
          117 days ago

          Thank you laying all of this out. I keep hearing about these issues but how did we get here and why is this being a concern now or am I just learning about it?

          • Captain Aggravated
            link
            fedilink
            English
            217 days ago

            My understanding of things like the IME is that its reason for being is mostly benign, it lets enterprise-level IT departments do things like boot computers from across the network and stuff like that. It has no real use to home customers on their private PCs, but it’s included on all systems to simplify engineering; it handles a lot of the early boot process. And it’s always running. The privacy enthusiasts out there who carry a copy of TAILS on their keychains just in case aren’t fond of the fact that there’s a proprietary OS with unrestricted access to memory and networking just sitting there with no way of auditing or monitoring what it was doing.

            This has been a thing for AWHILE now, and the whole coreboot thing…Intel, board manufacturers etc. keep their data so locked up that it’s a challenge to build anything that works, so it’s a miracle we have things like Coreboot at all. They largely concentrate on laptops IIRC, and it’s rare to see full fat desktop motherboards that work with Coreboot.

            • sunzu2
              link
              fedilink
              117 days ago

              They largely concentrate on laptops

              Main user base linux thinkpad enjoyer?