blog-contributions/opsec/openhardware/index.html

183 lines
11 KiB
HTML

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>The lack of Open Source Hardware (CPUs, Motherboards, GPUs)</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">nihilist`s Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-07-10</ba></p>
<h1>The lack of Open Source Hardware (CPUs, Motherboards, GPUs) </h1>
<img src="0.png" style="width:250px">
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Why Open Source Hardware is vital </b></h2>
<p>When we're talking <a href="../privacy/index.html">Privacy</a>, we have one key requirement: It must be open source. <b>If you don't know/ can't know the inner details of your system, then you can't tell if the manufacturer has the ability to spy on you through the product</b>. It is a matter of Transparency, to be able to verify if you are not being spied on, you must be able to inspect the ins and outs of your system in it's entirety. Only after having verified the entire system can you proclaim that you have privacy (from the manufacturer in this case) while using the system. </p>
<img src="1.png" style="width:250px">
<p>When we're talking Computers, we have these 5 basic layers:</p>
<ol>
<li><p><u>Layer 4: OS and Applications</u> (ex: <a href="https://github.com/element-hq/synapse">matrix chat</a>, firefox, etc)</p></li>
<li><p><u>Layer 3: Kernel</u> (ex: <a href="https://github.com/torvalds/linux">the Linux Kernel</a> (written in C))</p></li>
<li><p><u>Layer 2: Assembler</u> (ex: <a href="../../HTB/asm/7.html">Direct CPU instructions</a> derived from the C compilation)</p></li>
<li><p><b><u>Layer 1: Firmware</u></b> (ex: low-level software to provide control over CPU, motherboard, GPU, etc)</p></li>
<li><p><b><u>Layer 0: Hardware</u></b> (ex: your motherboard, CPU, GPU, Ethernet port etc)</p></li>
</ol>
<p>The problem is, <b>if you have closed-source hardware (such as an Intel or AMD CPU, or a nvidia graphics card, or a msi motherboard)</b>, you can at most have open-source software and protocols all the way down to layer 2, <b>but not further below.</b> That's because you have hardware manufacturers creating products, but they are keeping the method as to how they create them a proprietary secret. Because you can't audit it yourself, you can't tell if there is any spyware baked into it or not. </p>
<img src="8.png" class="imgRz">
<p>Take for example AMD's <a href="https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor">PSP</a> or Intel's <a href="https://en.wikipedia.org/wiki/Intel_Management_Engine">Management Engine</a>, which are both alleged backdoors implemented directly in consummers' CPUs. In the case of Intel's processor chipsets, <b>all CPUs since 2008 are to be considered backdoored by Intel ME, and there's nothing you can do about it, without knowing intel's secret way to disable it.</b><a href="https://www.intel.com/content/www/us/en/developer/articles/guide/getting-started-with-active-management-technology.html">[1]</a><a href="https://www.intel.com/content/www/us/en/support/articles/000005974/software/chipset-software.html">[2]</a><a href="https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it">[3]</a> It is located in the Platform Controller Hub of modern Intel motherboards. </p>
<p>check out <a href="https://iv.nowhere.moe/watch?v=0o8Co1ekemU&listen=false">this video</a> for a deep dive into Intel's Management Engine from 36c3 chaoswest 2019.</p>
<p>Regarding non-free firmware, even Debian has been forced to accept this reality in 2022 in their <a href="https://www.debian.org/vote/2022/vote_003">general resolution vote</a>. In short, they now ship non-free firmware by default because 99.999999% of the people out there are running closed-source hardware CPUs, or GPUs, etc.</p>
<p><u>TLDR:</u> if you use closed-source hardware, you won't be able to get open source firware for the CPU, GPU or motherboard. <b>You cannot ever be 100% sure that your hardware itself contains a spying mechanism, because you can't check it yourself, be it in your motherboard, CPU, GPU, or network interfaces.</b> </p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>The Closed-Source Hardware Monopoly upon the market</b></h2> </br> </br>
<p>Hardware production is a much more costly endeavor than software production, given the energy and techniques required to create the electronic components to produce computers. Profit companies don't want to share their production secrets just like software companies to avoid competition and soak up all the profits they can get.</p>
<p>Let's look currently at what's the status of hardware on the market, are there that many open source options ? </p>
<img src="2.png" class="imgRz">
<p></p>
<img src="3.png" class="imgRz">
<p></p>
<img src="4.png" class="imgRz">
<p></p>
<img src="5.jpeg" class="imgRz">
<p>In short, no, <b>the market is currently utterly dominated and saturated by these profit companies, which are all selling closed-source hardware.</b> Open source hardware as a concept is not even a thing for them, it's all proprietary hardware, and firmware, this applies to Graphics Cards, CPUs, Motherboards, and Computers in general. </p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Second Post +++++ -->
<div id="anon1">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>The current status of Open Source Hardware on the market</b></h2> </br> </br>
<p>You can count companies that sell open source hardware on your fingers currently, they are of a very rare breed. We have the example of MNT Reform</p>
<img src="6.png" class="imgRz">
<p>Here we have the example of MNT reform, selling a laptop that you can entirely repair (by buying the hardware parts) yourself. from the batteries, to the Keyboard, to the monitor, hell, even the motherboard, <b>but still even here the CPU and it's firmware are not open source</b> <a href="https://source.mnt.re/reform/mnt-reform-raspberry-pi-cm4-som/-/blob/main/stdp2600-firmware/STDP2600_HDMI2DP_STD_RC3_3.hex?ref_type=heads">[1]</a>. For the rest, they try to maintain the open hardware requirement. They ship the laptop with all the electrical schematics for you to look through them and see if it holds true that they aren't spying on you.</p>
<p>Check out <a href="https://iv.nowhere.moe/watch?v=_DA0Jr4WH-4">this video</a> for a full unbox review of the mnt reform laptop.</p>
<p>Performance wise, can this compare to consumer grade laptops ? Sadly, not yet. Not even close. In the future if this project picks up steam big time, you might see competitors to Intel and AMD's monopoly.</p>
<p>Another top candidate coming up slowly is the Open <a href="https://riscv.org/">RISC-V CPU architecture</a>, aimed at dethroning the 2 CPU giants. But the project is still trying to pick up speed and adoption currently.</p>
<img src="7.png" class="imgRz">
<p>While i am very hopeful that with enough education spreading out the need for open hardware in the industry, for individuals' right to privacy, the market will change for the better. But the fact remains that the main manufacturers are under false democracies, where individual liberties are trampled on every day. The only thing they care about is profit, not your individual freedoms.</p>
<p>Therefore i'll conclude with the following: <b>Even for Privacy purposes, We use the tools that we have at our disposal currently, even if it means using open-source software on closed-source hardware</b>, until the market finally embraces fully open-source software, and fully open-source hardware.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nowheremoe:nowhere.moe">Matrix Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>