
Re: [Libreboot] Minifree Libreboot D16 server/workstation launched


From: Denis 'GNUtoo' Carikli
Subject: Re: [Libreboot] Minifree Libreboot D16 server/workstation launched
Date: Sat, 7 Jan 2017 20:13:29 +0100

On Fri, 30 Dec 2016 06:48:12 +0000
Leah Rowe <address@hidden> wrote:
> Hi all,
Hi,

> Minifree has launched a new freedom-friendly computer. Two, in fact.
> [...]
> 
> Desktop/workstation version:
> https://minifree.org/product/libreboot-d16/
> 
> Server version:
> https://minifree.org/product/libreboot-d16-server/
This is really nice.
Having more choice makes it easier to find computers that suit the
users (while still respecting their freedom).

> This is a high-end AMD server platform, being sold in server and
> extended ATX (desktop/workstation) form factor. It comes with Debian
> and Libreboot preinstalled.
For a server use case, how does Debian compare to Trisquel?
What compromises do organisations like the FSF make when using Trisquel
as a server operating system?

As far as I know, PureOS[1] is based on Debian but is not yet
certified.
If and when it is certified, could it be used instead of Debian, and
what would the downsides of using it be compared to Debian?

> This has positive implications for security in terms of auditability,
> and therefore privacy in general (no backdoors!). It's also free
> software friendly, so there are zero binary blobs and zero proprietary
> software running on it in the OS or BIOS. You have all of the four
> freedoms over each part of the boot process, which means that you the
> user are in full control.
Not only, from the website[2]:
> FlexVer
> This is a new upcoming add-on/extension for the D16, ETA some time in
> 2017.
According to the minifree website it also contains "FlexVer".
It is also used on the Talos Secure Workstation[2], and if I understand
correctly the documentation[1][3][4], it is really a breakthrough, because
so far we had either:
- Proprietary software, that runs at boot, that we cannot trust,
  and that was meant to ensure the integrity of the boot software, like
  with the TPM application inside the management engine.
  Here trusting the management engine is not possible.
- Free software that we could choose to trust, but without any strong way
  of verifying its integrity. In my opinion it's far better than the
  proprietary software approach, but if people get used to having boot
  integrity, we should try to have it too, not to hamper the migration
  to free software.

  In many cases it is also a desirable thing to have if the user can
  control it (that means that the user can disable it and/or modify
  its functionality).

  As free software is flexible, several ways already existed, each with
  their advantages and downsides:
  - Not doing any integrity checks. Security was still possible by
    preventing attackers from using the machine (for instance with a
    password in grub) and forcing the attacker to physically open the
    machine to tamper with it (which could be mitigated by using
    "seals" made with glider glue or nail polish with random patterns
    that are supposed not to be easily reproducible).
  - Using the TPM to do integrity checking. Since by default nothing
    was forcing the TPM to be initialized, setting part of the boot
    flash read-only can help, but as far as I know the flashrom patches
    to do it are not merged yet.
  - Using the Chromebook security model, which is a combination of
    several approaches at once, including the two mentioned above.

References:
-----------
[1] https://puri.sm/pureos/
[2] https://minifree.org/product/libreboot-d16/
[3] https://www.raptorengineering.com/TALOS/documentation/flexver_intro.pdf
[4] https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation/updates/talos-fpga-functions-and-responsibilities-part-1
[5] https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation/updates/talos-fpga-functions-and-responsibilities-part-2

Denis.


