Let me know if you have any questions. The source for this can be found here:
There are instructions there for building and testing the firmware in QEMU, you do not need to have our hardware to try it out.
How are you claiming open source firmware when your hardware requires signed, closed source binaries to even begin to boot? I refer specifically to the Intel Management Engine, which incidentally is why we gave up on x86 many years ago.
How did you solve the GPU closed, signed firmware problem for discrete GPUs? How about the WiFi card firmware?
I understand your decision to try to keep compatibility with games and Windows, but the result is only partly open source, and that is not what these headlines read.
I know we would be interested in assisting System76 (or other prebuilt system OEMs) to start offering POWER products as true open source, owner controlled alternatives to Intel and AMD. For instance, we currently manufacture and sell mainboards that would be a perfect fit for your existing Thelio cases, that work very well with (optional) powerful AMD GPUs -- there's also a 2D HDMI graphics option for true blob-free operation. All you need to do is qualify our mainboard in your devices, and offer software support -- it's a very low risk investment all things considered but would allow System76 to sell truly open source systems vs. partly closed ones.
Is there some possible room for collaboration here? The GPU, WiFi, etc. firmware questions are honest questions -- the firmware is potential issue, and the more OEMs/ODMs that work this problem simultaneously in collaboration the higher the chance of a solution being found that will allow even those devices to be freed up and made secure.
Your requirements probably aren't too far off of one of our Blackbird systems -- I suspect it's just the form factor (micro-ATX) that's the problem. You might even be able to do the pull plug for minutes trick with a suitably sized lithium battery tucked inside the slimline chassis. ;)
Your products target "Freedom, no matter the costs" while their products aim for "better than what the market has right now, at consumer friendly price points".
Both are important: they demonstrate that there's mass market appeal, you demonstrate that there's an achievable ultimate goal.
If you want to join forces, there needs to be a common story that works for both. Right now, their story isn't sufficiently Free-with-capital-F for you and your story isn't sufficiently consumer-compatible for them.
I just gave them a path to a desktop that is POWER based, with very low up front costs (basically take their existing Thelio chassis, swap mainboards from x86 to POWER, do some software builds of Pop!_OS, and do a trial launch). I think that's a far more reasonable initial trial than going for a full laptop. It's also relatively consumer friendly, especially in today's cloud era where the proprietary apps people are using might just well be behind a web browser in the first place.
If they were a laptop-only company I'd agree with your assessment (I'm not happy with the GPU situation at all, that's the primary blocker for a libre laptop), but they're a laptop and desktop company. That means there's more ways they can test market owner controlled systems than a full up laptop design with massive design + tooling costs for an uncertain return.
I suspect that the laptops are their mass market driver though. Note how S76 has laptops + desktops, Purism has laptops + phone stuff, and Pine64 has laptops, phones and watches.
All of them do laptops plus some excentricity that may or may not translate in good future business: desktop systems are excentric these days and apparently they're not even the most popular pick when branching out, phones are.
For embedded and laptop devices, are there power devices or other options for truly free firmware?
The desktop price point on current boxes are still high, do you foresee those prices dropping in the future?
Will newer POWER architectures create a large workload for you or is it more simple?
Price point is not likely to drop until we reach a largely self sufficient critical mass of users, developers, and software. Only x86 has crossed that threshold right now, so it's clearly a high bar. Still, the more users we have, the more possibility for pricing drops in the future!
New POWER is near seamless from a software perspective, just like on x86. Upgrade kernel, keep using your existing software installs. And since POWER is now an open ISA, that software will basically keep working forever -- if you needed to reimplement it on a 22nd century FPGA due to lack of hardware, you're legally able to do so. This is not the case for x86 or ARM.
I've been looking for one and I have the same concerns you do, and right now the only thing I realistically see if I want completely open is a thinkpad x200/t400 flashed with libreboot.
Nothing I do with secure data hard-requires that level of portability, and for insecure (tracked, DRMed, closed + signed firmware) mobile use a Lineage smartphone is good enough for what I do. A laptop with closed / signed firmware simply doesn't gain me anything worth having over the phone.
My personal desktop is a Blackbird. The couple of old x86 apps I can't easily ditch (because they are open source but need MVC APIs and I'm too lazy to write the shim layer) I just forward X over SSH to an old corebooted Opteron box.
Can you put a POWER "base station" of sorts in your dorm / apartment and use a low power secure terminal, like a corebooted C201, to access it over an encrypted link?
I've done something like this when I had to travel last -- was able to maintain a stable link back to one of my POWER machines so the lack of local computing power on the laptop didn't matter. Really hate that Chromebook touchpad though. ;)
Both. Copyright applies to some aspects, patents to others, and then you also get into trademark rights. With the US having embraced effectively permanent copyright, ISAs will not be freely able to be implemented unless their owner expressly allows it (my understanding is that the Oracle vs. Google case solidified this thinking).
Fundamentally, that means you get to pick from RISC-V, POWER, or SPARC when selecting a well known ISA for your new device, or start signing licensing agreements (which always come with restrictions and oftentimes significant royalties).
Kudos to you!
In my mind the RISC-V folks especially were real trailblazers in this space -- they took massive risks when no one, and I mean no one, was doing open source CPUs beyond soft cores. IBM focused more on open firmware, then eventually opened their ISA, but x86 vendors have had no such forward vision in their history -- the x86 vendors have followed in this space, not led, for well over a decade, and indeed both sides of the x86 duopoly (Intel and AMD) are both separately on record as having stated their goal is to take control away from the machine owner in whatever manner they need to in order to fulfill their DRM contracts.
Even with this laptop announcement, if I'm honest, more following is being demonstrated -- the coreboot user community had open source firmware ARM laptops (Chromebooks) available quite a long time ago, why weren't those hailed as building new roads when they appeared? Does anyone really think we would have reached a point where an x86 vendor would be trying to advertise even partly open source firmware without the pioneering efforts of the competing, truly open architectures?
This laptop won't stop Windows exfiltrating your data. These x86 systems are leaky, they require sizeable amounts of low level binary firmware to even boot, and proper isolation is near impossible. Try sticking a PCIe diagnostic system on an open PCIe slot and sending commands to the WiFi or Ethernet card -- most likely it'll respond . Then consider the firmware in the various controllers attached to the PCIe bus, including your GPU.
It's probably a violation of your game's anticheat system to try to sandbox it. It's definitely a violation of the NVIDIA driver EULA to run it in a virtual machine, unless you pay the enterprise driver license fees and use a server grade adapter. The kind of adapter you won't usually find in a laptop, by the way.
This is a topic that I find very frustrating. We all know you want to do the above. It can't be done without license violations all over the place, or head-in-sand make-believe "security", on modern x86 hardware. No wishing, hoping, etc. will make this change.
 Yes, this is known to happen on specific x86 systems that I have personally tried (in that case, it was a malfunctioning GPU writing to the disk controller!). Invalid cross-device access was also tried on a POWER box, where the invalid accesses were blocked and logged as intended.
System76 have been providing practical solutions for running free software on available hardware for years now. That does indeed deserve kudos, even from you.
Keeping a kilowatt of computing power running at all times at home and connecting to it with a dumb ChromeOS terminal as you're suggesting is quite honestly not a viable solution for many people. And excluding practicalities (which a real person, of course, cannot) it might even be worse for security depending on your threat model.
No idea where you're getting a kilowatt from. My desktop uses maybe 120W or so, with a lot of that going to the AMD GPU.
If we're going to trade barbs over ecological damage, what happens to all those Intel and AMD systems that would have been useable if they had just had updates to the locked/signed firmware, but are instead floating around in landfills because the vendor decided they wanted to enforce their control and not issue security updates?
System76 is making free software computing more attractive and available. You might think of what they do as easier than what you do, and you might disagree with the way they prioritize security over other factors in their products, but I still think it's pretty bad of you to imply that what they're doing is not valuable to this community.
What they are doing in that space is valuable. However, with just a bit more tweaking, they could offer something a whole lot more valuable in parallel, and leave this whole semi-open x86 issue behind. If they were to offer even a couple of actually open source firmware systems, and indicate somewhere in the marketing that the x86 boxes are only partly open source, that would not only eliminate the entire controversy here but also allow them to take the next logical step in open software. If their core mission has basically been to make open source easy to consume, that's a worthy goal; why not go a bit further and make open source on open hardware with fully open firmware just as easy to consume?
Clearly there's demand, from the comments in this thread alone!
They don't. That's why I'm here, to provide the missing other half of the story.
Hardware becomes more complex and can include internal software that from a user perspective is just part of the hardware. But in fact, it is software running doing complex things outside of the oversight and control of the user.
Do you have plans to not just have open software but also open hardware? Do you hope to offer a device in the future with not just free software, but with the source files of the integrating hardware like the motherboard as well as of the chips like CPU and auxiliary ICs? Do you see a possibility to start with an open RSIC-V CPU?
This seamless transition is one of the key benefits of an open ISA in my mind; development and testing of algorithms can be handled on the closed but top of the line (i.e. extremely powerful) ASIC, then when sensitive data is being handled that same binary can literally be run without changes on the soft core or other slower, but open, system. You could even compile on the slower ultra-trusted system, and test the binary on the larger ASIC -- lots of interesting possibilities here!
It's also structured very well, quite clean for learning purposes etc. The current goal so far as I know is to perfect this core, and fork for a more complex / powerful variant. Maybe by the time that's done, the open FPGA tooling will have caught up enough to be able to run a usefully fast (~200MHz) POWER soft core, all in FPGA logic...
I'd strongly prefer a ppc64 core over a RISC-V core for one simple reason: we have a wide deployed base of very powerful ppc64 machines, and not having to keep cross compilers and related environments around is a massive streamlining step that we don't even know the full effects of yet (it hasn't been legal until now to have the SoC under development running the same architecture as the high end workstations and servers used to develop [for] it). The demo of using mainline GCC on a POWER box to build a binary for the Microwatt (that would also run on the host with KVM, if desired, for fast trace and debug) was most impressive.
Funny enough I've heard claims recently that Steam/VAC detects KVM virtualization and temporary kicks from VAC games as a result.
Which is one reason why I don't rent games on Steam, and why I bought a PS4 instead. If I'm going to have to game on a completely locked down system, I vastly prefer to do it on a system that doesn't touch any of my personal data and for which I can still buy permanent, resalable (and yes, even lendable) games on physical media.
PC gaming hasn't interested me since Steam on Windows with mandatory anticheat became the primary way to play games.
And yes, a lot of us do love OSS but also have clients who require windows compatibility. Some of us do deep learning and need good GPU/Cuda support. We all do compromises with OSS ideals, and it is GREAT to have people like System76 fill in that niche.
Otherwise the choice would be only between pure-FSF machine that run only some specific distribs of linux (I do own a novena, you know) or totally proprietary system that come only with windows and 50 GB of crapware. Without Systm 76, I would just be buying another DELL so thanks and kudos to them.
Thanks and kudos to the people who also uncompromisingly prepare an open and resilient ecosystem of open chips, open GPUs, open firmware.
But please do show some love to each other and dont get stuck in an absolutist position where you can't see the difference between people trying to find a market to OSS pieces and promoters of walled gardens.
If these efforts were even potentially likely to result in open x86 systems someday, I wouldn't be as opposed to them as I am now. But when you have both x86 silicon vendors on record as being contractually and legally unable, let alone unwilling, to allow owner control, all I see is a massive waste of effort with a known incomplete (i.e. partly closed) endgame. Worse, that effort is detracting from other efforts that are providing fully open computing right now, today.
My recommendation has always been to use the commodity x86 world's greatest advantage if you have to use Windows: cost. Get the absolute cheapest possible Windows system you can find that still has enough power to support your clients, plan on replacing it every so often as Windows churns along, and actually invest in a secure, open computer for everything else.
x86 is a closed ISA with closed, locked, signed firmware. All appearances are that it will stay that way permanently, with just enough late-stage open firmware allowed to create sufficient marketing confusion in less technical circles. Why not select and embrace one of the open ISAs for non-Windows computing? Who knows, you might be helping make secure / non-hostile computing happen on a large scale just a little bit faster! :)
We won't get to a fully open ecosystem in a day. It wont be a single project, and the more experimental parts you add to the platform, the higher the cost you pay in instability, complexity of maintenance, and performances.
I am not always running windows. But I have it installed for when I have to test aginst it.
I am not a dissident, a journalist or a spy, so my threat model is not the NSA or PCC prying on my contact list.
My threat model is the scenario "Microsoft and a random hardware vendor team up to make sure <Technology X> can never work on linux" which history has shown to be a credible one.
Actors like System 76 fight against it and I am grateful.
Getting CPUs, motherboards, GPU and drive drivers provably clean and incapable of spying is a magnitude harder, starts being feasible, but so far I am not in a category where I absolutely need that. I am pretty happy that some people start offering that too but it helps no one to pretend that people working on these parallel lines are somehow opposed. That's a self-defeating attitude!
Yeah. It wouldn't have stopped him, probably just made him want an open platform even more.
Also, with the price difference between the two it would be a more interesting hardware using this difference to acquire more RAM.
Like, it's kinda maddening that "the" household name in Linux laptops (if there is such a thing) has zero laptops with an AMD GPU as an option.
There was some confrontation over that 10 years ago or so (see radeon vs. radeonhd drivers, one point of view is described at https://libv.livejournal.com/27799.html) and the people in charge of Linux GPU drivers decided to go with AtomBIOS.
I'm failing to see how this is any worse than the current situation with Nvidia drivers, especially if System76 is preinstalling them. You'll need blobs either way. You'll arguably need far more of them for an Nvidia GPU than an AMD GPU.
For AtomBIOS, you have a single vendor virtual machine environment (bytecode + semantics) describing whatever they need in a custom form. There's no other documentation for the things out there than AtomBIOS speciment, making reimplementation rather complex.
The reasons for going with Nvidia are:
* Nvidia is more power efficient. This is really critical for mobile devices
* Nvidia has CUDA, which is important for (among other things) folks that use machine learning frameworks
* System76 has put in work to make using Nvidia GPUs more seamless on Linux (pre-installing the drivers, etc.)
I don't think the same can be said for Navi vs. Nvidia's architecture. Also, Nvidia is working on their own 7nm based GPUs.
> Are the mobile AMD GPU options all that great?
I haven't had issues with them, even with high-performance stuff like gaming and CAD (can't speak much to machine learning, though).
> Nvidia has CUDA, which is important for (among other things) folks that use machine learning frameworks
What's stopping them from using OpenCL? Whether by using an ML library that actually supports OpenCL outright (e.g. Caffe, PlaidML) or using something like Hipify to convert from CUDA to OpenCL, that shouldn't be a limiting factor.
Back then, the case was unclear because so little stuff existed outside of the MPI & graphics worlds. Today, for most engineering leaders today, the CUDA ecosystem, and emerging productivity layers like RAPIDS is quite rich. They make OpenCL a niche & risky call. The goal should be writing ~100X more code than the OpenCL ecosystem is giving you, it's just surface level.
Good to know. I have a laptop with the Ryzen 3500U and the Vega 8 integrated graphics. I love it for what I use it for (light gaming) but I'm not familiar with the higher-end mobile GPUs.
> What's stopping them from using OpenCL? Whether by using an ML library that actually supports OpenCL outright (e.g. Caffe, PlaidML) or using something like Hipify to convert from CUDA to OpenCL, that shouldn't be a limiting factor.
I assume just familiarity? That's just what the ML people that I know use.
I would really like to see OpenCL take a dominant position in the GPU compute space, regardless of the GPU manufacturer that has best support for it.
I think we're still a little ways off from a tipping point towards OpenCL. I think it will be accelerated with Intel's launch of the Xe discrete graphics.
I'm less familiar with laptops: Do Intel and AMD CPUs even share a common socket?
The power management is an absolute joke (the thing has two batteries and barely lasts 2 hours total), suspend works maybe 20% of the time, and the OS actually freezes on it every now and then leaving no trace in syslog. I'd much rather get an Intel now if I had a choice.
For reference, I had a Ryzen 1800x and it had the same OS freeze issue. The latest Ryzen CPU hasn’t had any issue with 0% down time for months.
The E495 uses a newer rev of their chips and is completely usable (not as good as Intel) despite still not being on 7nm. I expect the next gen to be very competitive with Intel.
That being said, I'm really disappointed at the direction Lenovo is going by trying to make everything thin. I want a powerful laptop (compiling, light gaming) and I'm fine with some extra thickness, but I want don't want anything bigger than 14". If I want thin, I can go for the X models or the T...s models, but for some reason, the regular T line is getting thinner as well, and losing a lot of the reasons I have for getting them. I ended up with the E series because I don't want soldered RAM and I'm not paying a premium for a laptop that has much of what I want removed.
If System76 can deliver a decent Ryzen laptop (want those cores) with a good keyboard and open firmware, I'll pay. I'm happy with it being thick, provided it's not too wide (needs to fit in my bag). But all I see from System76 is mediocre laptops with open source bits, and that's just not my cup of tea.
Afaik newer generations have Intel beat on performance/watt, particularly in HT heavy applications and at least on desktop.
So it stands to reason those new Ryzen chips would also perform very well in laptops.
Ryzen can be more power-efficient in e.g. a server (constant near-100% load profile) while also being less power-efficient in a laptop (constant near-idle load profile.) People who talk about the Ryzen power efficiency numbers are only talking about how it performs in the server-like test context (or, often, a gaming context, where the measurement they’re using is just “what sort of PSU do you need to power this thing at max load.”) As is evidenced by sibling posts in this thread, Ryzen doesn’t fare so well in the laptop-like test context in practice.
You're bold. :)
Security isn't even the only good reason to disable HT.
coreboot on modern AMD requires (some amount of) PSP firmware (without which the x86 core wouldn't even turn on) + some parts of AGESA which were most recently shipped as "BinaryPI".
The situation is comparable, just that Intel has ~7 years of dealing with coreboot through Chromebooks now, while AMD dropped the ball after a great start and only picked it up again recently. If AMD sticks to the current trajectory, Intel and AMD would be similarly well supported in coreboot (with a similar amount of blobs required) at some point in the near future.
If you're aiming for fully blob-free operations, look for chips not newer than the early 90s. If you can live with not having loadable blobs (while boot ROMs on the CPU die are acceptable), that extends into the late 2000's, but requires some care when selecting your gear.
I wouldn't put any hopes on RISC-V when it comes to avoiding blobs because all higher performance variants will use the same "strings attached" high performance memory and bus controller function blocks whose developers will mandate a certain level of blobbiness.
Doesn't that mostly boil down to "avoid anything newer than Ivy Bridge/Bulldozer"?
> high performance memory […] controller function blocks
There are DDR4 controllers with FOSS training code out there :) https://github.com/MarvellEmbeddedProcessors/mv-ddr-marvell/...
pgeorgi has a valid point in that if you go for the cheapest off the shelf building block type DDR4 solution for your silicon design (won't name names here, but it's a widely known vendor in the silicon block space), those controllers come with mandated binary-only firmware. IBM (and apparently Marvell?) both didn't use that cheap off the shelf solution and also decided to release their training code. Kudos to both companies for bucking the trend here!
Since you presumably have pretty good contacts into IBM: ever asked if they'd consider pooling resources with other vendors around their interconnects in an open forum?
Not sure if DDR4 (or USB, or even PCIe 4.0) silicon is a huge differentiator for them, and those protocols all thrive on interoperability: no need for IBM (or Marvell, for example) to figure out all the issues with real world peripherals on their own.
Or do you mean the modern AGESA binary that has zero support whatsoever in coreboot right now?
Have you thought of addressing the market of people wanting a small (12 to 13 inch), robuste, laptops with trackpoint and no arbitrary memory limitation?
Lenovo has abandoned that market, and there's enough demand for people to create and sell kits for it. Could System 76 fill that gap?
I was sad when they got rid of the dual battery in the x280.
I looked really hard at System76, but I need a trackpoint. I also looked at the x210, and at the time I thought that was too much work, I'm starting to think it might be worth it.
Is replacing the cells enough, though? Isn't there a controller that needs resetting as well?
With only needing the Intel FSP, does that disable the Intel ME? And what other peripherals need closed firmware?
You also are not here:
I say that because I have been in the market for a laptop, and I am looking for a free(dom) based laptop. I looked there and it led me down the path of a Purism laptop.
Have you also thought about adding some sort of hardware kill switches for Cameras/microphones/Radios?
I will get https://www.coreboot.org/users.html updated as soon as possible.
Even if a key were to be stolen from Intel it would then be illegal to use in all Western nations. The ME is off limits to everyone other than Intel and its partners, enforced by both the hardware signatures and some of the most heavily enforced (in terms of consequences) legislation on the face of the planet.
Of course that won't stop malware authors, who couldn't care less about replacing the ME firmware to make it secure, but do care very much about the fact that they can hack into the stock, signed Intel ME firmware, then install their malware in a nearly impossible to detect position.
That would be https://review.coreboot.org/c/homepage/+/35957
libgfxinit works even on Kaby Lake now.. but I see that you're using some ridiculously new 10th-Generation stuff for new laptops.
> HECI message early in the boot process, so there are no runtime ME components similar to using the HAP bit on older ME versions
Hm, I haven't heard of the HAP bit being gone?
Also, you can still remove extra ME modules, right?
libgfxinit support for Comet Lake is coming. The Intel GOP driver is a bit different than this, though. There is an Intel PEIM graphics driver that comes from the PSP, that provides a software-rendering framebuffer similar to what libgfxinit does. The Intel GOP driver provides some hardware acceleration, which is useful especially for HiDPI systems but not critical to device functionality.
The HAP bit does not have an effect since ME version 12. ME 12 was used on Coffee Lake systems, and ME 14 is used on Comet Lake systems. These support a different method of disablement using a HECI message, presumably to make dynamic disabling of the ME easier to do. Our firmware always sends this message, having the same effect as setting the HAP bit.
me_cleaner does not appear to function on version 14 of the ME. As soon as it does, we will also utilize me_cleaner to remove ME modules.
But why would I believe this? It seems you're selling snake oil. You can't really call it open firmware if there's still a lot of closed firmware in it.
The ME could certainly still be active, that is true, but with modern x86 platforms attempting to disable the ME or PSP using the documented method is the best that can be done.
A very large amount of the work the firmware does is done by open source code in either Coreboot, EDK2, or the System76 firmware applications. It is my opinion that this definitely does count as open firmware.
You should look at the libreboot project and read their blurb on why they do not support post-2013 processors.
Trying to sell the devices described as open is harmful to the term. They're not. Perhaps the only devices which are at this time are the IBM POWER processors and the Raptor CS motherboards, discounting any silicon backdoors, and in the case of the Raptor motherboard, the ASpeed BMC.
Of course, ME has easier time doing that. But any ROM you can't inspect, any binary blob you load can do that.
I suppose that if you want this level of impenetrability, you have to go with everything custom. Could your memory controller scheme against you and alter RAM contents when a backdoor pattern is encountered? Do you trust IBM to not put a backdoor or a kill switch in your POWER9?
Implement your CPU, memory, bus, and disk controllers, NIC logic, etc, in FPGA. Build your own RAM with controllers you program, don't trust DIMM manufacturers. Write your own or adopt open booting software, same with firmware for the peripheral devices.
You'll get a very high security computer where a backdoor has basically nowhere to hide.
Alas, it won't fit the restrictions of a laptop.
If you're in the market for some slow CPU, maybe. For high performance stuff the creator will likely have to license some function blocks that come with strings attached.
I'd love to see a fully open RISC-V core with a DDR4 interface (and USB2/3 for all kinds of interfaces), but somehow I just don't see that happening before DDR4 is all but obsolete: those interfaces aren't trivial to build (so that they work with all kinds of stuff) and few folks have the equipment to test their Verilog (or whatever) that would implement these high speed controllers against real devices.
I do care that the in-memory key can not be read and transmitted without my OS' knowledge.
I have other computers for games and development and servers, and the NSA can have my steam password and already have my work email.
I can implement IEEE1275-1994 as fully closed sourced code and call it open firmware.
> if there's still a lot of closed firmware in it.
Downthread you mention "With nonCPU blobs there is (usually) a memory boundary", which I'll take as the boundary you made for yourself in these matters.
With this boundary, the amount of "closed" firmware doesn't matter. The right 8 bytes at the right place and time are enough. Guess what:
> But why would I believe this? It seems you're selling snake oil.
The initial bootstrap is basically always implemented in a boot ROM (whether you see it or not) and it could decide to implement a backdoor unless some conditions are met.
According to your criterion all computing out there more modern than Z80 or 65816 era stuff is insufficient.
Hardly. You can call it Open Firmware(TM), not open firmware.
Which is in any case irrelevant. Open Firmware != open firmware.
Given that there's apparently no protection at all, I see no reason why I'd have to adhere to your wish to use 1275's way of writing O and F in upper case. So yes, I _can_ call it open firmware.
Open Firmware != open firmware.
let's shorten the other thread, since you just reiterate the same claim all the time without backing it up: I reject your prescriptivism just like I reject snagglegaggle's.
Initial bootstrap can be ROM, can be closed, but need not be. Stop compromising and accepting the status quo. The IBM POWER systems by Raptor have open firmware at every level. Is the CPU design open? Not entirely, but it is overall better, and I'm not trying to mislead people about it like the sales rep in this thread.
Your firewire example is disingenious, and no, I would disagree that it is open. Charlatans like System76 abuse the terms to sell their products taking advantage of the goodwill of those who do not know better.
As few people already pointed out, it would be nice to see some laptops with AMD CPUs.
For me personally, I would also love having trackpoint, have it on my thinkpad and did not use touchpad once.
Thanks for your work!
How difficult was it for those companies to provide components that were OSS friendly? What is the main hurdle? Does it increase costs? Did you experience fightback from providers to make this project happen?
They're also really repairable; there are no proprietary/uncommon screw heads and no glue holding parts down. All of the major electronic components which can be socketed are, CPUs on mobile when soldered a few years ago unfortunately, and you can't really get them socketed anymore). Memory, Wireless, Storage, Battery, etc. are all user-replaceable, and generally repairs don't require bringing the laptop into a service center for repairs.
Glad to hear that you are using your devices outside of a clean room. Whenever I throw my work-issued Macbook in my bag and ride home, it's got dirt in the keys by the time I get home. I was the first in the office to need a keyboard replacement...
However, on a semi-related note, will the issue where a firmware update on dual-boot system (popOS and Windows) consistently breaks systemd-boot, forcing a start into Windows, be addressed in the foreseeable future?
I've recently updated the documentation , as this issue plagued me multiple times.
I'm not too familiar with the intricacies of the firmware upgrade process (and if it happens, I generally need my laptop and try to fix it as fast as possible ;)), but on every previous firmware update, I had to update the initramfs, run the bootctl installer and in some cases, mess with the systemd-boot loader configs.
Rust is actually just hematite (ferric oxide), which is a type of iron ore!
This becomes less noticeable at higher resolutions and larger sizes (e.g 32”+ @4k native).
If we want taller screens, then we should use 16:12 or so. If 16:10 is the perfect ratio and 16:9 is just off, then I honestly don't think it can be bad enough to justify the cost of change, though I am of course willing to be convinced by research.
In that discussion, several other good Linux notebooks were also discussed, including System 76. But it was reported there that the quality is quite bad:
> but the quality is reportedly bad (flaky hardware, too-fast power drain, reflash bios to toggle discrete graphics (!), slow support) https://www.linuxjournal.com/content/review-system76-oryx-pr...
> Mine is in the System 76 repair shop right now for the third time. Extremely unsatisfied with Oryx Pro materials and build quality. Oh it's back for the third time because when they replaced the top case last time, they installed a defective touch pad. Never again.
I wonder if that has been improved, as I'm really interested in a high quality Linux notebook.
I can't really find more than maybe 10-20 unique public cases of a System76 computer having serious problems. I don't want to toot our horns too much here, but that's just not very many people compared to our entire userbase. We're a company with the resources to develop open source firmware; it takes a lot more support from your customers than could be afforded by 10-20 (or 100, 1000, etc.) people to do that.
If you look hard enough, it's not hard to find examples of any computer manufacturer having issues with occasional units. That's just the nature of manufactured products (especially high-tech electronics). No company has a 0% failure rate, and any that claims to is lying. However, you can be reasonably certain that any company that's been around for a decade and a half (or longer) has a lot fewer failures than successes
I can not speak to the original quote but my experience as not been amazing. My 4k Oryx Pro has rebooted randomly since the second month I have owned it. I sent it back 3 times already, ran tests per support and even reinstalled PopOs many times. It still has randomly rebooted. My last interaction with support was just past the year mark of when I bought it and I was asked to pay to replace the last item (the battery, just about everything else was replaced).
I love using PopOs. I love the 4k screen I have and the Oryx. I dont love writing this or the response I sent to support about the request for paying for it. It gives me pause when recommending System76 to a coworker/friend and I will be looking around when when the time comes to get a new laptop. Support was helpful when I had a linux issue early on but the rest of year long interaction was about the reboots.
It sits on my desk now with an external keyboard, external USB hub, and external DAC for the headphones to work.
I guess Clevo would even be up to designing a new PCB around a different CPU by a different vendor, but "use this type of keyboard" will be much cheaper to commission than "swap out the CPU vendor".
So I'd expect keyboard issues to be more up to Metabox choosing the cheapest option for that part, rather than a systemic Clevo failure.
Almost every post on HN is for marketing. The net positive System76 is doing outweighs the negatives we have in today's software world. Be happy it's not BIOS-as-a-service that requires a subscription and is funded by a VC.
They have no responsibility of the sort.
If I wanted an ALMOST foss laptop, I would buy a laptop and coreboot it myself. The reason that it's exciting for a company to be doing something like this is because they have leverage in their decisions that I don't as a customer (custom cpu, custom components, choosing components with open firmware that already have good interoperability on the platform etc)
Now, offering something else (ARM, RISC-V, POWER, anything but x86) as a truly open source alternative, then seeing if there was any reaction, might start to apply some small degree of leverage. Definitely there would be more potential opportunities to meaningfully discuss design goals with silicon vendors other than Intel and AMD. Who knows, maybe this could still happen...it'd be pretty easy / cheap to get some POWER desktop offerings lined up based on existing mainboards, and Clevo might be persuaded to do an ARM laptop design based on one of the Chromebook SoCs... ;)
With our baseline blob-free systems, we picked parts that were firmware-free, had open firmware, or could have open firmware written in the future. This is why we don't have onboard 100Gbe, Thunderbolt, or other interfaces that would require relinquishing control of the system to an external vendor. However, the resulting products are quite functional as both PCs and servers, with no real complaints or concerns over the I/O given the multiple PCIe Gen 4 slots available. My understanding is that very few ODMs do this, as they don't want to make that tradeoff, but this is how you apply leverage to silicon vendors long term. And you know what? It's working (outside the GPU sphere at least) -- Raptor isn't the only one pushing hard on these topics from the OpenPOWER side, and so far we've been able to get the silicon we need for our current product lines.
This may be true, but I think that selling corebooted computers is literally just a marketing gimmick. If a computer ('s motherboard) is corebootable, I can coreboot it myself, or lacking the technical skills, ebay have it done for ~$50 (maybe with video proof that the flashed rom is what is expected by showing hashes)
I don't expect ANYONE to be able to make intel or amd do anything about this situation, which is why I acknowledge your point:
> Now, offering something else (ARM, RISC-V, POWER, anything but x86) as a truly open source alternative...
I would love to see a POWER laptop, but I don't have the technical knowledge or money to help make this happen.
What I think is holding this back the most is that there are very few people with an ecosystem where they can compile all their own programs, meaning that 99% of computer users won't be able to make use of the general purpose computer underneath, because the software they NEED for their work absolutely will not run on it.
As a user however I think freedom is paramount, I'm about to finish up my CS undergrad, and about 3 years ago I became aware of the issues surrounding freedom in computing (literally never brought up in any of my classes), and I bought all the components needed and librebooted myself a thinkpad x200, which I've been faithfully using with parabola/debian ever since. Thankfully this as a platform was within my financial reach.
> With our baseline blob-free systems...
I laud the efforts of raptorpcs, but these systems are completely out of my reach. My previous sentence should show that I'm willing to compromise a lot to have freedom (no usb 3.0, I stopped playing games that have proprietary code, rebuilt my ecosystem so as to never have to move away from totally libre software etc)
I recognize how the fact that these machines exist means that a motivated company can choose to have a free system and that's great!
What I'm looking for as a normal user though is a LAPTOP that has these features, and that's why I get hype when someone claims to have one, but it's always a dissapointment, eg. purism.
I feel like I'm ranting, but it's honestly a little unclear what I'm responding to.
Naming is hard, but almost anything would be better. If in doubt I'd go with something bland like "System76 Linux."
I bring this up because for the past 20 years closed silos and locked down platforms have won almost entirely on the basis of UI/UX and polish. System76's hardware looks good at first glance, but everything else matters too. An OS name that says "this is a toy and will be useless for real work" is a real problem for wider adoption. Even worse the name tends to transfer via mental association onto the hardware, conveying the idea that this laptop will fall apart.
-  https://system76.com/pop
-  https://elementary.io
My 30 second impression is "this is for children who want to program toy robot kits."
I am posting this criticism in the hopes that it's constructive, since I do like what system76 is doing. I use a Mac right now but I'd consider their laptops as one of the first possibilities if I ever abandoned the Mac platform.
and drivers are an important frontier of this. SO TIRED of downloading blobs to have wifi on linux. AFAIK there isn't even a usb wifi dongle that has an open source wifi driver, much less a commercial wifi chipset.
even companies that are in theory dedicated to quality are teetering on the edge of using software to enable planned obsolescence -- and also releasing unpleasant product changes in line with security updates.
coreboot particularly interesting because of the TOTP work people have been doing on the TPM for tamper detection.
For Intel Wi-Fi, FreeBSD includes the firmware out-of-the-box, many Linux distros do the same I'm sure.
You almost certainly cant transmit legally, though (unless you have a amateur radio license, which lets you do all sorts of stuff with useful amounts of power).
First, as a ham radio operator, no, you can't just go and start blasting away from an SDR even in the ham bands. You have to follow strict rules, including a non-commercial content rule and you must not use encryption. The ham bands are for people to experiment with new radio technologies and more importantly communicate with one another using those technologies on a hobbyist level -- encryption and commercial use does not help those goals.
That being said, there are chunks of radio spectrum that are effectively "public domain" where you can transmit within certain ERP (effective radiated power) limits without the ham band restrictions on content, protocol, etc. Traditional WiFi lives in one -- the block set aside for microwave cooking devices, and therefore with a near-unusable noise floor for anything but short range communication like household WiFi.
is it like a settings file?
Binwalk, IDA pro, etc. All the normal reverse engineering tools.
>are they a threat vector?
>is it like a settings file?
No, it's code executing on the WiFi card.
Besides a hex editor, probably not.
> are they a threat vector?
As much as any other opaque software (i.e. not FOSS or otherwise transparent around source code auditing by arbitrary third parties). That is, in short: yes.
> is it like a settings file?
No, it's more like the operating system for the wireless card itself, running on the card's own microprocessor.
I believe system76 was less expensive but had blobs. Unsure about the hardware details.
Sorry, I call BS on that unless it was a long time ago, as in Core 2 Duo era.
As to booting, it originally shipped with a bios, but later offered coreboot which I believe disabled the ME.
Sorry, that means you've got a ME. Part of one (the BUP) but a required ME nonetheless:
I see now why your comment was so strongly worded...
"I know we would be interested in assisting System76 (or other prebuilt system OEMs) to start offering POWER products as true open source, owner controlled alternatives to Intel and AMD"
Although what you're doing is laudable, I think your form of communication might alienate the kinds of people who might support your mission.
This "neutralized" or "disabled" ME rumor is extremely persistent over literally years, probably due to feeding on what people want to hear versus what the reality of the situation is. Every time it's propagated not only does the person that believes it not get what they think they got, but it harms anyone trying to push for truly open computing vs. half-open computing.
The Cambridge English Dictionary states the following primary definition for the word "neutralize":
"1. to stop something from having an effect"
If you were to actually do that to the ME on a modern Intel system (or the PSP on a modern AMD system), here's what you would see:
This is because the system will not come out of reset until at least the BUP (and for newer systems more ME modules as well) have started. Those modules are signed, proprietary binaries for which source code will never be released per Intel's statements.
So, we have an apparent conflict. How can the ME be "neutralized", according to the standard English definition, while your machine still starts (thereby proving the ME has had at least some required effect prior to coreboot launching)?
I ended up going with a Lenovo x1 carbón extreme and threw ArchLinux on it. The trackpad is worse, and battery life isn’t quite as good (I feel like I can optimize this, but haven’t had the chance yet), but it’s such a capable machine. I feel quite happy with it.
powertop --auto-tune is a good first start in my experience.
My only real complaint is that when the fan ramps up, it is really loud. Loud enough to distract from meetings.... I haven't dug into the different tools for fan control much yet, but if anyone from System76 sees this, it'd be awesome if you implemented a nice ui for that.
EDK2 is also open source, a UEFI implementation. Looks like Coreboot has been around about as long as EFI, and supports most of the same architectures.
So is the Coreboot advantage argument mainly that it's simpler than UEFI?
Should I be looking at the Pinebook 11" ?
But it's a pretty low end system intended for experimentation. The store page warns you not to buy it if you are picky about hardware quality.
Otherwise consider a Surface Laptop! The 3:2 aspect ratio is surprisingly sticky
Also, the keyboard is cramped and has an odd layout.
I just don't particularly like the look of the chassis, and I'm sure there's nowhere I can see them in person to check. It's a shame that Macbooks essentially don't work with Linux any more: https://github.com/Dunedan/mbp-2016-linux (yes there are workarounds and maybe it doesn't all matter - but needing a WiFi dongle is a bit of show stopper).
Simply better to buy a certified Dell laptop such as:
Latitude 7490 or Latitude 7480
Also the display stopped working after a week and they blamed me for cracking the screen, even though I kept the laptop in a bag all the time.
The support was bad too. I would get response from different person on same support request for every new message. It bothered me because it looked like the new person who replied next time had no idea about the history of the support request.
I refused to pay the extra like $150 for the laptop and sent it back.