Fwd: [qubes-devel] Purism Librem 13 and Qubes

[coderman]

---------- Forwarded message ----------
From: Radoslaw Szkodzinski <astralstorm@gmail.com>
Date: Sun, 27 Sep 2015 02:01:58 +0200
Subject: Re: [qubes-devel] Purism Librem 13 and Qubes

On Fri, Sep 25, 2015 at 7:32 PM, Jeremias E. <j.eppler@openmailbox.org> wrote:
>
>
> Am Freitag, 25. September 2015 16:33:39 UTC+2 schrieb Radosław Szkodziński:
>>
>> On Mon, Sep 21, 2015 at 10:48 PM, Fredrik Strömberg
>> <stro...@mullvad.net> wrote:
>> > I love the Purism initiative. I really hope they succeed.
>>
>> They cannot truly succeed until Intel opens Management Engine code,
>> SINIT blob, microcode, memory initialization code and more...
>> Coreboot on its own is not enough.
>> http://www.coreboot.org/Binary_situation
>
>
> They can succeed starting a movement, which has an economical impact.
> If Intel sees their is a marked they want to be part of it, because they
> want to
> make money.

Actually, this is not the first laptop based on open firmware and
software. Glugglug/Minifree did that quite a bit of time ago with
their Libreboot, even FSF certified. Nobody cares, sadly.
Librem likely will fail too for the same reasons - ideology is not
enough, and they are even worse at it technically-wise.

On the other hand, having a more secure laptop is a tangible benefit.
Without backdoors, with fewer bugs, audited firmware, perhaps even
partially audited hardware.

Maybe even make it easier on the designers, produce a server platform
matching those requirements - there's more of a market.
Google might even get in, as they are known to use a lot of customized
firmware and even hardware. I think they used to support Coreboot
itself.
They might have stopped caring about this though.

> A good example for such a movement is the Fairphone.
> The first Fairphone was for enthusiasts, but not a real competitor on the
> mobile phone marked.
> The Fairphone 2 is a real competitor to other mobile phones.

Having competitive hardware or design is not the same as being a competitor.
Try this argument again when it's actually a competitor to, say, any
iPhone. At least in top 10.

By the way, Fairphone 2 is a nice story for uninformed people, about
on par with Librem.
I approve of their other efforts, but it's nowhere near enough or
close to what's necessary.

The critical component, Qualcomm 801 chipset, will be running a
proprietary microkernel with proprietary RF firmware, proprietary DSP
code and more.
Good luck getting Qualcomm to open that - they are quite hostile to
any of those efforts.

Again, poor choice of an architecture and a very tough nut to crack.
(For instance, Marvell is way more open and much less hostile.)

>> That would probably open a whole can of worms related to security
>> which then would have to be patched, of course.
>>
>> For now, the best solution would be to try to get Librem to make an
>> AMD-based laptop and test Qubes on it.
>
>
> Is a nice technical and economical idea, because AMD will maybe help to
> build such a platform.

I wouldn't quite count on it, though they seem to be expanding their
open source drivers effort which bodes somewhat well.

That said, their GPUs still require a few fat, complex firmware blobs
- fortunately Qubes is pretty good at scraping GUI and enforcing
separation thereof.

P.S. If we're talking about pie in the sky designs:
Probably the best design for an OS like Qubes would be to have
separate small CPUs instead of many cores, with separate RAM and
memory controller. Maybe even an integrated GPU each to run OpenGL.
Multiple USB controllers and hubs to simplify hardware redirection.
Multiple small flash drives or even chips. Expensive, power intensive,
hard to cool and large though.

Think a tiny cluster of mostly separate PCs, connected via an
extremely fast bus, such as HyperTransport. NUMA considerations would
be less important here as the CPUs with their associated memory would
be dedicated to a VM and the support exists in both Xen and Linux
anyway.

-- 
Radosław Szkodziński