[linux-elitists] Surveillance

Eugen Leitl eugen at leitl.org
Sun Sep 8 10:40:48 PDT 2013


On Sun, Sep 08, 2013 at 09:52:38AM -0700, Greg KH wrote:

> > A particular brand of notebook that takes coreboot, and where
> > the proprietary blob-needing parts are physically removed, and 
> > only hardware added that is supported by purely open source 
> > drivers.
> > 
> > I'm sorry to be so vague, but have my reasons.
> 
> I don't believe you.  Seriously, I don't.  You really have a way to
> "remove" the keyboard controller?  What about your USB host controller?
> Oh, you are using PS/2?  What about the firmware in that controller
> chip?  The microcode in the processor?

Obviously the modifications are not quite as radical, and are an attempt
to reduce the attack surface, especially one for remote exploits.
 
> Open drivers aren't the real issue.  Hardware you can "trust" is.

I agree we need open, trustable hardware. But we're not yet there yet.
Meanwhile, we can reduce the number of weak points that are exploitable.
Worse is better works.
 
> > There is another project which attempts to design an almost
> > completely open (with the exception of the CPU) board. I cannot
> > give you any more details, see above.
> 
> That's the same as saying, "I have a pink elephant, but I can't show
> you, you'll just have to trust me."

The hardware is real and it's running Linux already.
When/if it's ready to ship there will be an announcement.
 
> As you don't trust anyone, why should I trust you?

Sorry, I can't disclose any further details on a
public mailing list. Can I use 0x6092693E or
do you have a better key I can reach you with? 
 
> > An unrelated project that also attempts to be quite open and
> > is already public is the Parallella Epiphany. They should be
> > shipping very soon, and will be also available for nonbackers.
> 
> Those boards have some open HDL, which is great, but not all of it is
> open, you still have to rely on blobs from companies that you may, or
> may not, trust.

Yes. I never claimed that Epiphany is completely open hardware.
It is a step in the right direction, though.
 
> > > big problem), and even things as "simple" as a keyboard controller and
> > > mouse controller (I got started in Linux by writing keyboard and mice
> > > firmware, you can do a lot in those little things).  All of which could,
> > > and probably should, not be "trusted".  There's no way for anyone to
> > > "validate" all of those.


More information about the linux-elitists mailing list