this post was submitted on 25 Dec 2023
350 points (92.7% liked)

linuxmemes

    [–] Sanyanov@lemmy.world 35 points 10 months ago* (last edited 10 months ago) (4 children)

    Debian uses its own version of the Linux kernel with proprietary parts removed; however, if you want to install it on a machine that does have hardware for which there are no free drivers (which is to say almost any machine out there in the market), you'll have to install proprietary parts; in the last version, Debian 12, the system does that by default.

    Intel Management Engine is a CPU-level microprogram that runs with highest priority and does not have open code, so essentially every PC with Intel CPU runs some arbitrary code we cannot verify. Same for AMD Platform Security Processor by the way, so there is no simple escape.

    Oh and BIOS is proprietary too, and only a few select machines can have a fully libre BIOS successfully installed on them.

    Thereby even if you go to essentially libre version of Linux, there will, almost universally, be pieces of obfuscated code with no disclosure on what they're doing there.

    [–] al177@lemmy.sdf.org 14 points 10 months ago (2 children)

    IME is even worse than that. It runs on a supervisor processor in the chipset that has privileged access to the memory, peripherals, and CPU, and can run when the rest of the system is powered off. IME is how Intel AMT can serve as a KVM-over-IP, and just because you don't have a CPU with vPro doesn't mean all the components aren't there for an exploited or backdoored ME firmware to remotely log your console or inject keystrokes.

    [–] LainOfTheWired@lemy.lol 11 points 10 months ago

    Apparently it can also read any decryption keys read by the cpu.

    [–] Sanyanov@lemmy.world 1 points 10 months ago

    Thanks for adding up!

    [–] mariusafa@lemmy.sdf.org 7 points 10 months ago (1 children)

    Didn't know about the Debian part. I thought they said that they will ship an installer with non-free by default and another installer which you can configure.

    Btw I'm on my way to build a new x220 with libreboot and GUIX can we get more free than that? Xd

    [–] Sanyanov@lemmy.world 5 points 10 months ago

    You might be right on that - you know, everyone faced the challenge to find the right Debian installer :D

    Wow, good luck with your project!

    [–] bouh@lemmy.world 5 points 10 months ago (1 children)

    Isn't that a hardware problem though? At some point you want your software to work, and years of reverse engineering for it to do so is a long time for it, isn't it?

    [–] Sanyanov@lemmy.world 10 points 10 months ago

    Well, it's obviously dictated by hardware and the software that manufacturers release for it. I'm not calling enthusiasts to reverse engineer every single driver, that's impossible.

    The point is, there are a lot of proprietary blobs in everyone's systems, and it's not cool. If you ask me, we should obviously shift policies to force manufacturers to open source drivers and management systems.

    [–] miningforrocks@lemmy.ml 2 points 10 months ago (1 children)

    Is there a completely libre platform out there? I don't have any problem with running a RISC-V CPU or anything similar

    [–] Sanyanov@lemmy.world 4 points 10 months ago (1 children)

    RISC-V should be fine, if price, performance, software support, and form-factors are all okay for you.

    For most, it isn't, but if you wanna go to such great lengths, I'd say you have a chance.

    [–] miningforrocks@lemmy.ml 1 points 10 months ago (1 children)

    Can you recommend any board?

    [–] Sanyanov@lemmy.world 2 points 10 months ago

    Sadly, not really - didn't go deep into various options.

    But maybe someone else can help?