AMD and ME?


Sandy Harris

Sep 1, 2017, 2:19:05 PM
to qubes-users
Since the Management Engine (ME) is an Intel feature, can one avoid
its risk by just buying an AMD-based machine? Or does AMD have a
similar feature? Or lack some of the virtualisation support Qubes
relies on?

Perhaps some other sort of machine altogether?

Dominique St-Pierre Boucher

Sep 1, 2017, 3:04:41 PM
to qubes-users

AMD has the equivalent of Intel ME named AMD PSP. See info here:
https://libreboot.org/faq.html

Dominique

Tai...@gmx.com

Sep 1, 2017, 7:19:22 PM
to Sandy Harris, qubes-users
AMD PSP is AMD's version of ME present in the new AMD stuff - one has to
buy an older 2013 or before AMD x86 CPU to avoid it generally.

Today's options for *new* owner controlled performance hardware are POWER8
and 9 - x86 is dead and those who claim otherwise have no idea what
they're talking about.

Your options:
Low/Medium Performance - KCMA-D8 for $260 with $60 4386 CPU (plus ram
cpu etc) just about an FX-8310 - KCMA-D8/KGPE-D16 have libre owner
controlled firmware - it is circa 2011 hardware but it will run qubes
4.0. I have one and it works great and supports IOMMU-GFX so you can
play games in a VM via an attached graphics card.

Ultra High Performance (brand new hotness and truly special) - The TALOS
2 POWER9 workstation which is 100% libre and owner controlled including
not just the firmware but the hardware too - price is 2K (plus ram, psu
case etc) which is a great deal for high performance workstation/server
hardware (ironic that the closed source x86 crap costs more) - Note that
you would not be able to run x86 windows apps in a windows VM without a
significant performance penalty so you would need to be entirely linux,
it also supports IOMMU-GFX so you can watch movies in a VM or play some
of the few linux games that have source code available (to compile for
POWER)

POWER9 supports 8 SMP threads per core so it is great for virtualization
even if one doesn't buy one of the 12+ core CPUs.

You would have to compile qubes for POWER as there is no POWER port, but
that can easily be done.

Tai...@gmx.com

Sep 1, 2017, 7:22:52 PM
to Sandy Harris, qubes-users
Also forgot to say, if you need a laptop:

The Lenovo G505S with an AMD CPU:
Coreboot with open source init and a few blobs (graphics, fan and power
control) - no ME/PSP.

It is impossible to disable ME, no matter what some companies might say...
https://www.reddit.com/r/linux/comments/3anjgm/on_the_librem_laptop_purism_doesnt_believe_in/

Finsh

Sep 4, 2017, 1:42:24 PM
to qubes-users
Why not simply apply ME_cleaner? It doesn't remove all of the ME functions, but as far as I've understood it will wipe out the official Intel firmware, leaving only a stub of it to bring up the (Sandybridge) CPU before shutting down the ME.


cheers

Tai...@gmx.com

Sep 4, 2017, 11:50:14 PM
to Finsh, qubes-users
On 09/04/2017 01:42 PM, Finsh wrote:

> Why not simply apply ME_cleaner? It doesn't remove all of the ME functions, but as far as I've understood it will wipe out the official Intel firmware, leaving only a stub of it to bring up the (Sandybridge) CPU before shutting down the ME.
It is still active, if you actually shut it off or somehow removed the
chip physically the system would cease to function as ME is integral to
a variety of things so says intel (a slick way to stop people from
getting rid of it)

There is still a litany of mysterious opaque code, even after ME cleaner
- and that's the stuff that you can notice - it doesn't include mask
roms or undocumented EEPROM chips.

Post sandy/ivy bridge a lot less gets stripped out too, but if you're
going to get ivy/sandy laptop you might as well get a Lenovo G505S and
skip ME/PSP. (performance equal to sandy bridge)

With the KGPE-D16, KCMA-D8, Lenovo G505S and of course the extra high
performance TALOS 2 there is no reason at all to buy a system with
ME/PSP hardware rootkits - one ends up spending less money for higher
performance by going with a non-owner controlled system ironically (to
get TALOS 2's POWER9 performance you'd spend twice as much with intel/amd)
I play modern games on my libre firmware KGPE-D16, I sacrifice
absolutely nothing to be free.

Tai...@gmx.com

Sep 4, 2017, 11:59:04 PM
to Finsh, qubes-users
On 09/04/2017 11:50 PM, Tai...@gmx.com wrote:

> On 09/04/2017 01:42 PM, Finsh wrote:
>
>> Why not simply apply ME_cleaner? It doesn't remove all of the ME
>> functions, but as far as I've understood it will wipe out the official
>> Intel firmware, leaving only a stub of it to bring up the
>> (Sandybridge) CPU before shutting down the ME.
> It is still active, if you actually shut it off or somehow removed the
> chip physically the system would cease to function as ME is integral
> to a variety of things so says intel (a slick way to stop people from
> getting rid of it)
>
> There is still a litany of mysterious opaque code, even after ME
> cleaner - and that's the stuff that you can notice - it doesn't
> include mask roms or undocumented EEPROM chips.
>
> Post sandy/ivy bridge a lot less gets stripped out too, but if you're
> going to get ivy/sandy laptop you might as well get a Lenovo G505S and
> skip ME/PSP. (performance equal to sandy bridge)
>
> With the KGPE-D16, KCMA-D8, Lenovo G505S and of course the extra high
> performance TALOS 2 there is no reason at all to buy a system with
> ME/PSP hardware rootkits - one ends up spending **less money for
> higher performance by going with an owner controlled system***
> ironically (to get TALOS 2's POWER9 performance you'd spend twice as
> much with intel/amd)
> I play modern games on my libre firmware KGPE-D16, I sacrifice
> absolutely nothing to be free.
>
FFFfff typo - correction one spends more money by purchasing a non-owner
controlled system.
TALOS 2 with a board and CPU is $2100, whereas an intel system with
PCI-e 4.0 and 12+ threads would cost above 3K+

Johannes Graumann

Sep 6, 2017, 6:25:29 AM
to Tai...@gmx.com, Sandy Harris, qubes-users
Do you have a Talos 2 already - raptorcs.com says you can preorder ...?

Sincerely, Joh