this post was submitted on 25 Dec 2023
387 points (92.9% liked)
linuxmemes
20473 readers
1185 users here now
I use Arch btw
Sister communities:
- LemmyMemes: Memes
- LemmyShitpost: Anything and everything goes.
- RISA: Star Trek memes and shitposts
Community rules
- Follow the site-wide rules and code of conduct
- Be civil
- Post Linux-related content
- No recent reposts
Please report posts and comments that break these rules!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Context?
Debian uses its own version of the Linux kernel with proprietary parts removed; however, if you want to install it on a machine that does have hardware for which there are no free drivers (which is to say almost any machine out there in the market), you'll have to install proprietary parts; in the last version, Debian 12, system does that by default.
Intel Management Engine is a CPU-level microprogram that runs with highest priority and does not have open code, so essentially every PC with Intel CPU runs some arbitrary code we cannot verify. Same for AMD Platform Security Processor by the way, so there is no simple escape.
Oh and BIOS is proprietary too, and only a few select machines can have a fully libre BIOS successfully installed on them.
Thereby even if you go to essentially libre version of Linux, there will, almost universally, be pieces of obfuscated code with no disclosure on what they're doing there.
IME is even worse than that. It runs on a supervisor processor in the chipset that has privileged access to the memory, peripherals, and CPU, and can run when the rest of the system is powered off. IME is how Intel AMT can serve as a KVM-over-IP, and just because you don't have a CPU with Vpro doesn't mean all the components aren't there for an exploited or backdoored ME firmware to remotely log your console or inject keystrokes.
Apparently it can also read any decryption keys read by the cpu.
Thanks for adding up!
Didn't knew about the Debian part I thought they said that they will ship an installer with non-free by default and another installer which you can configure.
Btw I'm on my way to build a new x220 with libreboot and GUIX can we get more free than that? Xd
You might be right on that - you know, everyone faced the challenge to find the right Debian installer :D
Wow, good luck with your project!
Isn't that a hardware problem though? At some point you want your software to work, and years of reverse engineering for it to do so is a long time for it isn't it?
Well, it's obviously dictated by hardware and the software that manufacturers release for it. I'm not calling enthusiasts to reverse engineer every single driver, that's impossible.
The point is, there is a lot of proprietary blobs in everyone's systems, and it's not cool. If you ask me, we should obviously shift policies to force manufacturers to open source drivers and management systems.
Is there a completely libre platform out there. I don't have any problem with running a risv-v CPU or anything similar
RISC-V should be fine, if price, performance, software support, and form-factors are all okay for you.
For most, it isn't, but if you wanna go such great lenghts, I'd say you have a chance.
Can you recommended any board?
Sadly, not really - didn't go deep into various options.
But maybe someone else can help?