
Novena: A Laptop with No Secrets - zmanian
http://spectrum.ieee.org/consumer-electronics/portable-devices/novena-a-laptop-with-no-secrets
======
Vexs
I've been following the Novena since it's conception, it's a neat idea, and
even though it's not 100% open source, it's closer than everything else we
have. And the fact that you can just build hardware ontop of what's already
there due to the FPGA and massive IO bus is downright neat. They've already
demonstrated stuff like an oscilloscope.

Also, Bunnie is a very cool guy, his blog is a wealth of information on
hardware design, and Chinese manufacturing process. If anyone can make a
laptop that has every component open source, it's him. might take time, but
hey.

~~~
chaostheory
Good to know that he's working on something new post Chumbie

------
nickpsecurity
It's not a laptop with no secrets or fully open-sourced. There's the hardware
components internal operation, the FPGA tools, and so on that need to be open.
Incidentally, the things with the biggest risk, too. Freescale operates DOD-
certified fabs in U.S. on top of it with major sales to U.S. govt. Whatever
subversion risk Intel poses we must assume Freescale does as well.

It's actually a laptop for FPGA hackers with incremental steps in the
direction of an open-source laptop. That's great. That they made FPGA
development a bit easier _plus_ made a more open laptop is extra great. So,
let's give them props they deserve while acknowledging it's still
untrustworthy hardware and there's plenty of ways to go.

~~~
SomeCallMeTim
It kills me that it has no working GPU. :(

I found the wording about XFce to be weird: They claimed to not use Ubuntu
because they needed XFce, but ...

[http://xubuntu.org/](http://xubuntu.org/)

~~~
xobs
The GPU is being worked on. The Mesa driver is being worked on as we speak by
a number of people including rmk and jnettlet, with austriancoder's
experimental repo located at
[https://github.com/austriancoder/mesa-1](https://github.com/austriancoder/mesa-1).
If you want to get technical, we already have fully open-source 2D
acceleration, and we routinely use the 2D GPU to e.g. do colorspace conversion
and 2D scaling on video.

I went with Debian because we knew some Debian people. At one point I
considered moving to Ubuntu, because they package "Firefox" and "Thunderbird"
(instead of rebranding them) and they have Chromium as well. There were lots
of teething problems, though, ranging from their Xorg modesetting driver
refusing to use generic KMS on a non-PCI system, to strange oddities when no
initrd was present, to the desktop straight-up crashing when logging in (turns
out Unity assumes GL is present and has no fallback.) Ubuntu seems to make
many assumptions about running on standard x86 hardware, and was rough around
the edges. We could have polished it, but it seemed easier to stick with
Debian.

~~~
nickpsecurity
Thanks for the explanation. Debian makes sense in that light.

------
catskull
> This open-source requirement of ours ended up influencing the selection of
> almost every piece of hardware, including the main CPU, the battery
> controller, and the Wi-Fi module. For example, we couldn’t use Intel’s x86
> microprocessors because they can accept firmware updates that we cannot
> debug or inspect. Instead we chose an ARM-based Freescale i.MX6 system-on-a-
> chip, which has no such updatable code embedded. (A system-on-a-chip, or
> SoC, is similar to a microprocessor except it has more of the supporting
> hardware, such as memory and peripheral interfaces, needed to make a
> complete computer.) The i.MX6 does have some code burned into it to
> coordinate the computer’s boot-up process, but this firmware can’t be
> changed, and its unencrypted binary code can be read out and analyzed for
> possible security problems.

I'm confused. They claim the open source requirement prevented them from going
with an intel chip, but then they say the reason why was because intel could
push firmware updates. Furthermore, the Freescale SoC has firmware built in,
but it's not open source.

Is this what we consider open source these days? Sure, a good whitepaper is
nice, but it's not open source. Don't get me wrong, this is still nice effort
on the open front, but calling this a "laptop with no secrets" seems like a
stretch.

~~~
kawsper
People are afraid of the Intel Management Engine, and you can read about it
here: [http://libreboot.org/faq/#intel](http://libreboot.org/faq/#intel)

It is a dense and very detailed text, but basically your Intel CPU contains
Active Management Technology (AMT) which lets remote users control your
computer, which may or may not be what you want, and there might be backdoors
hiding here.

It also includes Intel Boot Guard, which prevents users from installing their
own firmware (such as libreboot and coreboot) because it needs to be signed
with a key from Intel.

The page sums it up like this:

> In summary, the Intel Management Engine and its applications are a backdoor
> with total access to and control over the rest of the PC. The ME is a threat
> to freedom, security, and privacy, and the libreboot project strongly
> recommends avoiding it entirely. Since recent versions of it can't be
> removed, this means avoiding all recent generations of Intel hardware.

~~~
jakeogh
Also see Joanna Rutkowska's recent paper:
[https://news.ycombinator.com/item?id=10458318](https://news.ycombinator.com/item?id=10458318)
(fun reading).

------
scott_karana
How in the world does a SMART-compatible Samsung SSD _not_ have secrets?

Did they never read any of Snowden's leaks? :(

[https://www.google.ca/search?q=nsa+hard+drive+firmware](https://www.google.ca/search?q=nsa+hard+drive+firmware)

~~~
adj_
It seems that you don't know that they are aware about the topic. In fact they
proved the possibility of running arbitrary code on some sdcards'
microcontroller:

[http://www.bunniestudios.com/blog/?p=3554](http://www.bunniestudios.com/blog/?p=3554)

~~~
scott_karana
Well, I read through the entire article and despite the detailed attention
lavished on CPUs and GPUs, there was not a single mention of their disk's
security.

It's disappointing that if they are "aware" of the problem, they didn't
mention it to their audience in an article about their device's security,
don't you think?

------
nextos
We need a cheap general purpose Novena-like laptop.

I'd argue a really good place to start from is a custom Rockchip machine (like
Asus C201, which is now supported by Libreboot). Add a free GPU (or finish the
Lima driver) and we are ready to go.

------
akhilcacharya
I like the project, but I'm not a fan of the designs they're going with for
the first run - I'd prefer a model more similar to the one they first teased a
few years ago, if only in terms of form factor [1]

[1]: [http://www.geeky-gadgets.com/wp-
content/uploads/2014/01/Open...](http://www.geeky-gadgets.com/wp-
content/uploads/2014/01/Open-Source-Laptop.jpg)

~~~
xobs
There were a few issues with that design. One was that we never really got
hinges working. I bought some friction hinges, but couldn't settle on a way to
attach them. The temporary bodge was to 3D print some chucks with an angle on
them to use.

The other was that it was difficult to get past airport security. The German
agents seemed to at least appreciate that we'd built a laptop that we can
trust.

Finally, it was nigh impossible to access things like the FPGA and the serial
ports. I find myself using GPIOs all the time to do things like bitbang SWD,
and being able to do that by reaching around the screen is handy, not to
mention being able to mount the thing being debugged under SWD directly in the
case, so it's much easier to take with me.

------
snvzz
I'm hoping this is the start of a trend.

The true start will be once the lowrisc SoC is out, and open hardware devices
using it start to flood the market.

------
mmastrac
If the heirloom version didn't sell out so quickly I might have bought one.
Fortunately for my wallet they were gone fast!

Might be worth laser-cutting a case out of nice wood for one though. Hmm.

------
acd
I´m looking for a laptop that is easy to repair and has open source hardware.

Preferably there would be something like the ITX standard for laptops with
different standard designs. Like a ultra book, notebook and different screen
sizes. If there was standardized screen you could easily repair your laptop.

All hardware should be open. The firmware should be open with known checksums.
Open boot loader. Open source operating system.

All components should be upgradable so that once the laptop speed wise is
obsolete by moores law it should be easy to dissamble and recyle the
materials. Further you should be able to reuse components which does not age
that fast as the cpu and mainboard, for example the keyboard, mouse and
display.

We throw a lot of electronic garbage, that ends up being exported to cheap
scrap yards in China and Africa, this needs to change if we do not want a junk
yard planet.

~~~
ymse
Fairphone is doing something similar with their upcoming phone. Although the
hardware is not open. They should talk with OP.

[https://www.fairphone.com/phone/](https://www.fairphone.com/phone/)

~~~
reirob
Thanks for sharing. Just looked on their site, but can't see when the
Fairphone 2 will be coming and what other OSes it will be able to run
additionally to Android 5.1. Any idea?

------
aij
Why didn't they use an open source CPU? Eg: OpenSPARC

~~~
xobs
Aside from the fact that we're familiar with Freescale and ARM, many other
chips we "could have used" are unobtanium. While it's true that there is a
source-level implementation, I can't find any T1 or T2 parts available for
purchase. It's the same reason why we went with an A9 instead of an A15 or a
64-bit chip: You just can't buy them unless you're a big company. And if a
small two-person company can't buy them, how can we claim it's open source
hardware if you can't buy them either?

The other possibility would be to fab a chip ourselves, but that's a whole
other order of magnitude in terms of cost and complexity, and the result isn't
that great in terms of speed and available peripherals. Plus, when you fab a
chip like this a lot of the hardware blocks are IP provided by the chip
foundry, e.g. flash controllers and DRAM cells, and those are always closed-
source. It just moves the whole thing one turtle down.

------
kriro
Interesting, never heard of this before. I have backed a pitop on indigogo
with the plan of switching out the pi for a beaglebone to get closer to all
open components.

Very cool project :)

------
mfincham
I have one of these machines and it's been great fun so far to hack on. The
development process and the continuing work of the community has been great to
be a part of.

------
pjmlp
Nice effort, but software rendering is a no go in 2015.

------
eccstartup
1\. Open does not mean ugly.

2\. C'est trop cher!

3\. Is it a manually-capsuled desktop-style laptop?

4\. Is it light enough to carry?

5\. Where can I get one?

------
ekianjo
The expression "GNU/Linux is a special version of Linux" sounds a big strange
to me. GNU/Linux is an actual OS, not a version of the Linux kernel. That's
really the wrong way to explain things.

~~~
vog
Maybe this was meant to distinguish GNU/Linux from other Linux userlands, such
as Android?

Apart from that, for the layman "Linux" is generally understood as the whole
Linux distribution, not just the kernel or the OS.

Still, even from that perspective this wording is quite confusing.

------
erronjason
It's sad that it's been 25+ years in the making to finally get something sort
of okay, and even then it's ridiculously expensive by contrast of closed
source. Why can't we have something thinkpad-like for the cost? Don't they
know they'd make metric craptons of money on something like that?

~~~
chadzawistowski
You might be looking for the Libreboot X200, a FSF-approved refurbished
Thinkpad X200.

[http://minifree.org/product/libreboot-x200/](http://minifree.org/product/libreboot-x200/)

~~~
mtw
all out of stock?

~~~
kawsper
Yes.

The author of libreboot, and owner of Minifree (former Gluglug) said that he
would complete all current orders, so he would mark them as out-of-stock.

You can buy a X200 and free your laptop yourself if you dare :) You can swing
by #libreboot on Freenode if you have any interest in the project.

~~~
yuhong
Of course, I dislike how libreboot doesn't do microcode updates anyway. ARM
processors have no microcode at all.

------
theallan
Possibly slightly off topic, and not something I would normally comment on,
but wow - what a lot of adverts! Desktop browser and aside from the full
screen ad you need to click through on load, about 3/5 of the screen is
adverts.

I've been torturing myself over the idea of having a single banner ad on my
site (decided not to for now), but this is something that makes me want to
finally give up and install an adblocker.

------
chatman
It looks terrible. These are the kinds of machines that bring bad name to the
concept of free/open source hardware. Nothing that is the fault of Bunnie, but
something that reflects a sad reality.

~~~
avmich
This is a machine for early adopters - not the followers.

~~~
chatman
The sad part is that we are talking about "early" adoption with just 2 months
to go for 2016!

