I am looking to build a Linux gaming machine with open source firmware and Intel ME disabled. Is this viable?

  • Captain Aggravated@sh.itjust.works
    13 days ago

    My understanding is there are few desirable motherboards that support Coreboot.

    Don’t like Intel Management Engine? Or processors that shit themselves? Go AMD.

    • cmnybo@discuss.tchncs.de
      13 days ago

      AMD has the Platform Security Processor. While it supposedly doesn’t have network access, it’s still a black box with full access to all memory.

      • TMP_NKcYUEoM7kXg4qYe@lemmy.world
        12 days ago

        As far as I know it’s also less documented. People have dug so deep into Intel ME that they even found a bit that disables most of the ME.

        On the other hand, AMD is planning to use coreboot-compatible open firmware in the next EPYC generation. Knowing AMD, it will eventually come to the consumer market too. (We’ll see if it will be available before Red Hat drops X11.)

        Also, there was a Phoronix article recently that Intel too is messing around with Coreboot on Xeon.

    • sunzu2@thebrainbin.org
      13 days ago

      What would be an example of a desirable mobo and what is the benefit of coreboot?

      Any AM4 options?

      • Captain Aggravated@sh.itjust.works
        12 days ago

        By “desirable motherboard” in this context I mean a standard ATX (or standard size variants) motherboard with a currently supported socket and chipset commonly available on the consumer market. To run Intel 13th or 14th gen, or Ryzen 7000 or 9000. I don’t know if you can just buy an MSI or ASRock etc. board and expect to run Coreboot on them.

        What’s the advantage of coreboot? Soothes paranoia mainly. Both Intel and AMD platforms have little black boxes in them that run a separate little OS beneath Windows or Linux that has Ring 0 or similar low-level access to the hardware and could theoretically man-in-the-middle anything done on the machine. Intel’s is MINIX based, it’s called the Intel Management Engine, and it genuinely is a little bit bile-inducing reading what it has access to. AMD does have a similar technology.

        In terms of performance, system stability etc? Very little. Once the kernel is loaded and in control of the hardware the BIOS doesn’t affect much AFAIK.

        I’m not very familiar with it but I’ve not heard much about even AM4 boards being supported. I think of Coreboot (or its completely binary-blob-free fork Libreboot) and I think of either Purism or System76 and in both cases for their laptops.

        ===

        This kind of thing (the “main” operating system is built atop a secret basement full of god knows what) isn’t restricted to x86 either. On a Raspberry Pi, Linux running on the ARM cores is a second class citizen to ThreadX running on the VideoCore processor.

        • sunzu2@thebrainbin.org
          12 days ago

          Thank you for laying all of this out. I keep hearing about these issues, but how did we get here, and why is this a concern now, or am I just learning about it?

          • Captain Aggravated@sh.itjust.works
            12 days ago

            My understanding of things like the IME is that its reason for being is mostly benign; it lets enterprise-level IT departments do things like boot computers from across the network and stuff like that. It has no real use to home customers on their private PCs, but it’s included on all systems to simplify engineering; it handles a lot of the early boot process. And it’s always running. The privacy enthusiasts out there who carry a copy of TAILS on their keychains just in case aren’t fond of the fact that there’s a proprietary OS with unrestricted access to memory and networking just sitting there with no way of auditing or monitoring what it is doing.

            This has been a thing for A WHILE now, and the whole coreboot thing… Intel, board manufacturers etc. keep their data so locked up that it’s a challenge to build anything that works, so it’s a miracle we have things like Coreboot at all. They largely concentrate on laptops IIRC, and it’s rare to see full fat desktop motherboards that work with Coreboot.