I am looking to build a Linux gaming machine with open source firmware and Intel ME disabled. Is this viable?

  • sunzu2@thebrainbin.org
    link
    fedilink
    arrow-up
    1
    ·
    2 months ago

    What would be an example of a desirable mobo and what is the benefit of the coreboot?

    Any am4 options?

    • Captain Aggravated@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 months ago

      By “desirable motherboard” in this context I mean a standard ATX (or standard size variants) motherboard with a currently supported socket and chipset commonly available on the consumer market. To run Intel 13th or 14th gen, or Ryzen 7000 or 9000. I don’t know if you can just buy an MSI or Asrock etc. board and expect to run Coreboot on them.

      What’s the advantage of coreboot? Soothes paranoia mainly. Both Intel and AMD platforms have little black boxes in them that run a separate little OS beneath Windows or Linux that has Ring 0 or similar low-level access to the hardware and could theoretically man in the middle anything done on the machine. Intel’s is MINIX based, it’s called the Intel Management Engine, and it genuinely is a little bit bile inducing reading what it has access to. AMD does have a simlar technology.

      In terms of performance, system stability etc? Very little. Once the kernel is loaded and in control of the hardware the BIOS doesn’t effect much AFAIK.

      I’m not very familiar with it but I’ve not heard much about even AM4 boards being supported. I think of Coreboot (or it’s completely binary blob free fork LibreBoot) and I think of either Purism or System76 and in both cases for their laptops.

      ===

      This kind of thing (the “main” operating system is built atop a secret basement full of god knows what) isn’t restricted to x86 either. On a Raspberry Pi, Linux running on the ARM cores is a second class citizen to ThreadX running on the VideoCore processor.

      • sunzu2@thebrainbin.org
        link
        fedilink
        arrow-up
        1
        ·
        2 months ago

        Thank you laying all of this out. I keep hearing about these issues but how did we get here and why is this being a concern now or am I just learning about it?

        • Captain Aggravated@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          2 months ago

          My understanding of things like the IME is that its reason for being is mostly benign, it lets enterprise-level IT departments do things like boot computers from across the network and stuff like that. It has no real use to home customers on their private PCs, but it’s included on all systems to simplify engineering; it handles a lot of the early boot process. And it’s always running. The privacy enthusiasts out there who carry a copy of TAILS on their keychains just in case aren’t fond of the fact that there’s a proprietary OS with unrestricted access to memory and networking just sitting there with no way of auditing or monitoring what it was doing.

          This has been a thing for AWHILE now, and the whole coreboot thing…Intel, board manufacturers etc. keep their data so locked up that it’s a challenge to build anything that works, so it’s a miracle we have things like Coreboot at all. They largely concentrate on laptops IIRC, and it’s rare to see full fat desktop motherboards that work with Coreboot.