> Again, what it means in practice should be discussed, but basically any reasonable person, including you and anyone with your level of expertise, should be able to say honestly that yes, indeed, this computer is under the full control of the owner and the owner only. It has no backdoor or ability to be remotely updated without the owner's intention.
That, unfortunately, is impossible for silicon platforms. Documentation can't prove the lack of a backdoor, because you can't prove that the chip you got is what was documented (even if you have a scanning electron microscope and a lot of time, that's a destructive process and you can't prove that the chip you'll actually use is the same as the one you analyzed).
This is a common fallacy espoused by those who demand ultimate freedom: that along with it comes full trust and control. It doesn't. Because physics. Chips aren't software.
Instead, you should be investing in one of these:
https://www.crowdsupply.com/sutajio-kosagi/precursor
Precursor makes the quite solid argument that general purpose FPGA backdoors are infeasible (because it's an intractable problem for arbitrary logic circuits) and therefore it is a device that can be trusted even if the silicon can't. Of course, then you'd better be happy running all your computing on a 100MHz RISC-V.
> Do they? Wouldn't you say that Apple have a full control over their Mac M1?
Given that it's sitting on my desk, it's running my own OS, there is no Apple code running on it with full system access by the time it boots into Linux, and Apple can't remotely update it (the bootloader doesn't even have USB support, let alone networking, and there is no resident supervisor like there is on Intel machines, Android phones, etc), no, I'm pretty sure I have full control over it for all normal practical purposes.
In fact I'm much more sure about that than I would be with the laptops the FSF peddles as "respects your freedom"; last time I looked at the schematics for one of those, it had over half a dozen chips running secret blobs, and at least two or three of them had full access to all system RAM via a DMA capable bus. You'd have to be insane to trust that over an M1, which is designed to sandbox all coprocessors from the main CPU and RAM via IOMMUs, such that even if all firmware is backdoored it can't take over your main CPU.
Is it perfect? No, if I wipe the Flash without a backup the recovery process requires phoning home to Apple, since that's how it re-downloads things like certificates, calibration data, MAC addresses, etc (though at least we have open source tools that implement all that and that you can run on Linux). But that's a repairability/longevity argument; while the thing has a proper bootloader installed, it isn't phoning home anywhere during normal operation.
Then again, for those FSF laptops, if you wipe Flash you need a soldering iron to recover them, so from that point of view the M1s are a lot more robust, since you can recover them via USB from any other random machine, no disassembly required.
This is why nuance matters. Absolutist positions like the FSF's and yours lead to less trust, because reality isn't absolute, it's nuanced. If you want absolute trust, you can pre-order a Precursor today. If you want a laptop class machine you can reasonably trust not to be backdoored, you'd do much better getting an M1 than the obsolete ThinkPads the FSF certified, which don't even have modern security features like IOMMUs and have known blobs with full control over the computer. I can't prove the M1 doesn't have any secret silicon backdoors but at least the design is clearly intended to prevent firmware ones, and there are no known bypasses, which can't be said of those ThinkPads.
> If you ask today, in practical terms, what is a reasonable line to draw, let's draw it where Apple have done it, except the key should be in the hands of the owner, not Apple. How about that? Would it satisfy?
That is a very difficult question to answer. Would hacker me like a device where I can burn in my own iBoot signing keys? Sure. Devices where you can do that kind of thing exist; you can get SoC dev kits (e.g. I know the Nvidia Tegra X1 devkit can do it) where you can burn your own keys permanently and become the trust authority, and I wouldn't be surprised if it can be done on open designs like Novena, though it may not be documented. Is it a good idea for the general public? No. The problem is building a platform that is "fully user controlled" (whatever that means, usually "everything that runs after the Boot ROM") means delegating an immense amount of responsibility to the user, which is at odds with security paradigms that attempt to protect you from higher level attackers. Can you build a signing and key storage facility on par with the security of Apple's? Highly unlikely. So yes, you might have full control over the device, but you're getting less security against other attackers as a result. The reason Apple can build a user friendly yet secure device is because they control the early boot stages, so they can build the complex mechanisms on top that make that possible; full control, secure, user friendly: pick two.
Can Apple sell me a backdoored M1? Yes. But the entire point of their design is that nobody else can backdoor it for me. Not even you, if you get ahold of it. Their user-controlled secureboot delegation requires authenticating using your machine owner credentials to install your own kernel, after having asserted physical presence, unless you wipe the whole machine and start fresh. And even then you can't backdoor the recovery mode used to do this, so you couldn't backdoor someone using the Asahi Linux installer since it runs from that secure recovery. Their design is such that compromised third party chips can't compromise the main system. You can't backdoor the motherboard and replace the flash. Etc. You have to trust Apple to an extent, but in exchange you're much safer from threats from other parties than with other machines. You can buy a second hand M1 Mac and be very confident it's every bit as secure as one straight from the Apple store. That is something that cannot be said for the vast majority of consumer hardware.
Those are all worthy things to have. Is it worth the trade-off of letting Apple control the early boot stages? I think it is for many people. Is it possible to build a system with identical security guarantees that is simultaneously fully user controlled and doesn't require every user to have a secure lab, HSM cluster, etc to achieve the same level of threat resistance? I don't know. Maybe. I invite you to try to come up with such a design; it would be very interesting to hear about it :)
The good news is that security is composable. That means that, for example, if I use LUKS encryption from Linux on top of the native hardware keystore and encryption, I know I have top notch security against third party attackers and I know I'm safe from Apple helping some government entity to crack it if they seize it, since they won't be able to break the second encryption layer (and I'm very confident they don't have any remote access backdoors for normal usage, so I'm safe from post facto active targeting since they just have no way of doing that when the thing is running my own OS).
And the fact that I just wrote a wall of text about this is, again, evidence that nuance matters. You can't reduce any of this to "do I control the signing keys" or "does it have any blobs". I'm sure some people will read my story and decide they don't want to touch the M1 machines with a 10 foot pole, and would rather get a Novena or a Pinebook or whatever. And others will be very excited and want to get one ASAP, because it's massively more trustable than any recent Intel or AMD machine by design. And the only way you can decide is if you know the facts and how the machine works and what the threats are and who you need to trust and so on and so forth. A "Respects your Freedom" sticker tells you nothing.
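The "security is composable" point in the post above, as an added worked example. This is the editor's code, not code from the thread, from Apple, from Asahi Linux or from cryptsetup. It models an owner-keyed layer (LUKS-like: passphrase through a KDF) nested inside a hardware-keyed layer whose key depends on a `device_secret` the owner never holds; the vendor, or anyone the vendor helps, is modelled as knowing that secret. The cipher is HMAC-SHA256 in counter mode with an encrypt-then-MAC tag, a dependency-free stand-in for AES-XTS; that primitive, the fused-key model and all sample values are assumptions made for the example, not a description of the real machine.

```python
"""Toy model of the layering in the post: owner-keyed encryption (LUKS-like)
inside vendor/hardware-keyed encryption. Editor's added example, not code from
the thread, Apple, Asahi Linux or cryptsetup. HMAC-SHA256 in counter mode with
an encrypt-then-MAC tag stands in for AES-XTS and `device_secret` stands in for
a fused enclave key; both are modelling assumptions, not for production use."""
import hashlib
import hmac
import secrets

KDF_ITERS = 20_000

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Keystream: HMAC-SHA256(key, nonce || counter) blocks, truncated to n bytes."""
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:n])

def _subkeys(key: bytes):
    """Separate encryption and MAC keys derived from one layer key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def layer_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce(16) || ciphertext || tag(32); fresh nonce per call."""
    enc, mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _stream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def layer_decrypt(key: bytes, blob: bytes) -> bytes:
    """Checks the tag first, so a wrong key fails closed instead of yielding garbage."""
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _stream(enc, nonce, len(ct))))

def hardware_layer_key(device_secret: bytes, login_password: bytes) -> bytes:
    """Outer layer key: login password bound to a secret the owner never sees.
    The vendor, or anyone the vendor helps, is modelled as knowing device_secret."""
    return hashlib.pbkdf2_hmac("sha256", login_password, device_secret, KDF_ITERS)

def luks_layer_key(passphrase: bytes, salt: bytes) -> bytes:
    """Inner layer key: an owner-chosen passphrase through a KDF, nothing hardware-bound."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, KDF_ITERS)

def seal(device_secret, login_password, passphrase, salt, data):
    """Owner writes: inner (owner) layer first, hardware layer around it."""
    inner = layer_encrypt(luks_layer_key(passphrase, salt), data)
    return layer_encrypt(hardware_layer_key(device_secret, login_password), inner)

def open_as_owner(device_secret, login_password, passphrase, salt, blob):
    """Owner reads: peel the hardware layer, then the owner layer."""
    inner = layer_decrypt(hardware_layer_key(device_secret, login_password), blob)
    return layer_decrypt(luks_layer_key(passphrase, salt), inner)

def open_with_vendor_help(device_secret, login_password, blob):
    """Seized device plus vendor cooperation: only the outer layer comes off.
    What is returned is still the owner layer's ciphertext."""
    return layer_decrypt(hardware_layer_key(device_secret, login_password), blob)

def _rejects(key: bytes, blob: bytes) -> bool:
    """True if layer_decrypt refuses blob under key (tag mismatch)."""
    try:
        layer_decrypt(key, blob)
    except ValueError:
        return True
    return False

# Constructed sample values for the demo; none of these are real keys.
DEVICE_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
LOGIN_PASSWORD = b"login-pw"
LUKS_PASSPHRASE = b"correct horse battery staple"
LUKS_SALT = bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90")
SECRET_DATA = b"private notes: the second layer is mine alone"

def demo() -> dict:
    """Plays out the parties from the post and reports what each one gets."""
    blob = seal(DEVICE_SECRET, LOGIN_PASSWORD, LUKS_PASSPHRASE, LUKS_SALT, SECRET_DATA)
    owner = open_as_owner(DEVICE_SECRET, LOGIN_PASSWORD, LUKS_PASSPHRASE, LUKS_SALT, blob)
    # Vendor-assisted adversary: the hardware layer falls, the owner layer does not.
    inner = open_with_vendor_help(DEVICE_SECRET, LOGIN_PASSWORD, blob)
    # Passphrase-only adversary (no device_secret): cannot even reach the inner layer.
    wrong_hw = hardware_layer_key(b"not-the-fused-key", LOGIN_PASSWORD)
    return {
        "owner_recovers_data": owner == SECRET_DATA,
        "vendor_sees_plaintext": SECRET_DATA in inner,
        "owner_layer_holds": _rejects(luks_layer_key(b"guess", LUKS_SALT), inner),
        "hardware_layer_holds": _rejects(wrong_hw, blob),
    }

if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the two independent roots of trust: whoever holds only the device-bound key gets back the owner layer's ciphertext and nothing else, and whoever holds only the passphrase never gets past the outer tag check. Each layer authenticates before decrypting, so a wrong key is an error rather than plausible-looking garbage; that matters because the second adversary in the post (vendor plus seizure) would otherwise be able to probe silently.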
I do not know if you have ever lived under a dictatorship, but the most popular arguments of a dictatorship are 'There are nuances', 'Be wise, nothing is absolute' and 'Freedom is not the answer'. I would not wish to blame you for anything, because I value your efforts, and the worst thing I could assume is that it's your honest mistake.
Of course nothing is absolute, but that doesn't mean we should be so wise that we miss the main point among all the nuances and be fooled like idiots into accepting things that should never be acceptable. Nuances do matter, but only after the main thing is defined and protected.
I am sorry, but in that case, with all your expertise, knowledge and nuances, you seem to miss the main thing, which is the tendency to close every platform and make it remotely controlled, or otherwise brick it, stripping the owner completely of a computer that respects freedom.
Apple computers were able to boot from USB; now they don't. I am aware of the nuances, but you cannot boot anything other than their thing in DFU unless they permit it, isn't it?
Could they do it differently? I presume yes. They chose it to be exactly this way, and they chose it to be this way just to keep control, because they know perfectly well where the line is. They keep the very control they could and should give to the owner if he so chooses, but they didn't, and they didn't because the whole tendency is to make people slowly accept the idea of a closed, remotely controlled platform.
Their iPhones/iPads are closed completely just because they have found a way to make it acceptable to people. They can't do it with Macs... for now. They are not idiots, and they understand that if they close Macs today they will meet strong opposition, with the chance that people would refuse to use them completely. And they have made a lot of effort, using 'nuances' tactics, to make sure that one who wishes to fool himself would find a way to do it by saying: look, it is not perfect, but they are trying to keep it open, and there are nuances. Nevertheless, they have managed to push things that were never perceived as the norm, like phoning home for some parameters, this 'secure' (for them) bootloader that the owner has no choice to turn off, or this DFU requiring another Mac to boot. What the F is that? Why can't I boot from USB without another Mac? Why should there be some hacking to achieve something like that? Could they do it differently? Of course they could, but they didn't, and they didn't on purpose, because 'frog boiling' is in progress.
>But that's a repairability/longevity argument; while the thing has a proper bootloader installed, it isn't phoning home anywhere during normal operation.
Today, what about tomorrow?
>Can Apple sell me a backdoored M1? Yes. But the entire point of their design is that nobody else can backdoor it for me. Not even you, if you get ahold of it. Their user-controlled secureboot delegation requires authenticating using your machine owner credentials to install your own kernel, after having asserted physical presence, unless you wipe the whole machine and start fresh. And even then you can't backdoor the recovery mode used to do this, so you couldn't backdoor someone using the Asahi Linux installer since it runs from that secure recovery. Their design is such that compromised third party chips can't compromise the main system. You can't backdoor the motherboard and replace the flash. Etc. You have to trust Apple to an extent,
My concerns about third parties in general, and third-party chips, are much smaller than my concerns about Apple itself. Why should one fear a third party less than Apple? What is the difference? Apple, as far as I am concerned, IS a third party as much as any other third party is, because they can communicate between themselves, and they do such things, and Apple is known to accept shit from dictatorships.
"You have to trust Apple to an extent" NO, I do not have to. We do not have to. They should be obligated to deliver something that doesn't require that after their product is shipped. We should demand from suppliers that they supply something that doesn't require their control, and it should be illegal if they introduce something like that. Only then could they potentially be "trusted" to a certain extent.
>Can you build a signing and key storage facility on par with the security of Apple's? Highly unlikely. So yes, you might have full control over the device, but you're getting less security against other attackers as a result.
What if I prefer that, and not some 'big daddy' caring about my safety more than I do? Freedom does matter, and it IS the answer, and it comes with responsibility. THIS is the main issue here. THIS is what separates a society of responsible citizens from a society of 'naive children' who wish to trade their freedom for 'safety', resulting in losing both.
I had typed up a full point-by-point reply, but honestly,
> naive children
If you're going to end with ad hominem attacks, you don't deserve it. You've made it clear to everyone here what kind of person you are, and I shouldn't be wasting my time replying.
(Also, your comment history suggests you own an M1 Air since you were commenting about PWM flicker and QEMU VMs... so maybe check out a mirror before insulting people who choose to buy these machines)
It was never my intention to insult anyone, and especially I didn't intend to insult you specifically, and if it sounded like that I am really sorry and regret it. I was trying to say it figuratively, in general. I read carefully what you say and agree with you on some points. English isn't my first language, and maybe my attempt to use figurative speech went too far, because the intention was merely to describe a tendency among some people to avoid a certain level of responsibility, and that tendency is something I do not like in general. Nothing more. Of course I do not wish to claim that someone who bought some machine immediately becomes a 'naive child', and I understand that one can deal only so much with the machine and its problems when real work needs to be done. And as you've noted, I myself had to buy an M1 because I am writing the missing file manager for it. I see no absolutism in my position, as I state what I like and try to get as close to that as possible. If you go even deeper into my past comments, you will not need to suggest anything, because you will find a detailed description of all the problems I had with the M1 and the other Mac model before it. I am not hiding it, nor do I consider it an insult to have one. I am trying to call things what they really are to the best of my knowledge, but it is not my intention to insult you or someone who has bought an M1 or any other machine, for that matter. I am sorry if it sounded that way to you.
>If you're going to end with ad hominem attacks, you don't deserve it.
No, I am not going to end with any attacks. I am trying to avoid any attacks and trying to argue the topic in general. This is my internal guideline, and if for some reason I did deviate from it, I apologize, because this is not my intention.
> you don't deserve it. You've made it clear to everyone here what kind of person you are, and I shouldn't be wasting my time replying.
Who deserves what in your perspective of the world is of course for you to decide for yourself. Still, with all respect, I think you went too personal there, and I think it would be a certain exaggeration to suggest that you can know what kind of person I am, and I do not understand what makes you think you are entitled to speak for others here. What kind of person I am or am not doesn't really even matter here. When you answer me, you are not only answering me personally. It is the general point that matters, so consider sharing something you already typed for the sake of others, if my apology wasn't enough.
As to your criticism, I am not perfect and make mistakes, but I do check my mirror constantly, so I hope we can avoid certain 'too early' conclusions that might be incorrect.
If there are things other than those two words, please point to them in a respectful manner.
You've suggested that my position is an absolutist position, and I do not see absolutism in it. You have a baby or you don't. If they control the computer, then they do. Nuances come after that. How much of it you accept for the moment is a separate question. I have never been accused of absolutism before. I do not know why you suggest it, as you can well see for yourself that I do compromise and buy something like an M1 because at the moment, even according to your point, it might not be the worst compromise. So perhaps the suggestion of absolutism for the simple wish to have my own computer under my own control is misplaced.
In general, I simply wish for a computer that I fully control. I do not need 'safety' provided by someone unfamiliar to me, and I wish to avoid a situation where I have to choose only between bad options, none of which deliver what I need. I hope you can see some logic behind this point.
I have nothing to do with the FSF, by the way, so please take that into account, because it's also incorrect to put me in the same camp as them (at least so far). I share some of their views, just as I can share some of your views when they are well grounded. For instance, if you claim that the FSF standards for hardware aren't enough or consistent, I can see your point. It's hard to say whether you are correct or not; it still needs some thinking about, and this is what it's all about: to hear the point and to think about it. I have nothing against you personally. If I wish to insult or attack, I do it with a very different tone, and then it's hard to confuse it with something else, so there is no need to look for insults in other places when I am simply trying to express a certain point of view as clearly as I can. I hope I didn't waste my time explaining all of this to you.
With all that said, and understanding your emotion, I apologize for those two words if they delivered the wrong message. Still, I think staying on the subject and delivering your points was more important than getting personal and showing disrespect. I hope you can come back to the points and put personal things and some incorrect suggestions aside.