On 09/17/2015 12:00 PM, grarpamp wrote:
On Wed, Sep 16, 2015 at 10:48 AM, Blibbet <blibbet@gmail.com> wrote:
Quoting a tweet from Joanna of Invisible Things Lab, on the topic of older hardware (than Purism's current choice):
https://twitter.com/rootkovska/status/643414071514148864
"and old systems do not have IOMMU (VT-d) which makes them even less secure, trustworthy."
Question this in regards to number of gates available / needed for secret malefactor vs gatecount timeline vs time at which govt agencies and corp might desire and begin to cooperate or independently perform same. ie: Are your 486 or p55c and chipsets likely to contain malware? What about your Skylake? Given how ATT / Verizon / Sprint and others totally rolled over for Bush/911 what makes you think Intel or AMD or Microsoft are any different? WTF is up with Windows 10? As if 7, Vista and XP and Ubuntu Linux weren't enough.
search: AnandTech, Intel has now stopped quoting gatecount with Skylake. https://en.wikipedia.org/wiki/NSAKEY
Not trying to dis old refurbished x86s. Just pointing out a specific area to investigate w/r/t older x86 hardware. Joanna's tweet was one specific case to look into. Pre-CHIPSEC, it is less clear to me. I wish I had a complete list of issues (i.e., the set of things to write for a CHIPSEC test profile for that hardware).
Old Thinkpads are great, but a LIMITED resource, we can't just rely on old hardware forever. I wonder if Cyrix/Via/Transmeta/etc clones are also viable to be refurbished by Ministry of Freedom, and have any chance of being secure? I also wonder about MIPS and SunSPARC chips, they have some old boxes to refurbish, as well as some new MIPS boxes (a recent Chinese one not only runs MIPS but also x86 and ARM instructions!).
If I were to hold out hope for an ISA that might be trustworthy, it would be the RISC-V. But that'll take a year or longer. The Raven3 board just came out, shown at HotChips. I hope that's the chip that Purism uses for their next laptop, along with the recent Open Hardware GPU, also announced at HotChips.
Until then, I can update my own firmware on my ARM dev boards, and -- sans FSP blobs -- on Intel dev boards. And I have an ancient -- i.e., unknown security profile -- x86 with Libreboot. Wish Libreboot used coreboot's Verified Boot, for a bit more protection, but that can be patched.
Not sure about Win10. I've heard they have a freeware version, which is ad-sponsored, which must be fun. Ubuntu, or as a friend of mine calls them, "Spybuntu", has been abusing privacy for years. I wouldn't ever trust an OS which is run by a single company. Debian isn't run by a single company. It isn't perfect, but has fewer than most.
Does anyone have any opinion of Mempo, compared to QubesOS? I haven't used it yet, but it looks interesting. Qubes is great for Intel systems, but what about non-Intel, eg, ARM, does their isolation tech scale to non-Intel ISAs? If not, what OS should ARM users use?
(Purism recently tweeted that they're going to get their PureOS to use parts of QubesOS.)
I don't presume to have a trustworthy or secure firmware, on any Intel box, perhaps AMD box, maybe ARM boxes. (The latter two seem to have less security research than Intel x86/x64 systems, if anyone has good pointers to ARM/AMD and other modern non-Intel HW, please speak up.) Eg: http://timeglider.com/timeline/5ca2daa6078caaf4 Or see last slide of most CHIPSEC or LegbaCore talks, they have a good bibliography.
Thanks.