zlacker

Is this something we could achieve with a corporate alliance? I know a lot of tech companies would like to give their employees secure laptops. I also know that there are large costs associated with making hardware, especially if you are talking about dropping ME.

A dozen companies with 1000 employees each and a budget of $2,500 per employee gets you $30 million, which is surely enough to get a decent, qubes-secure laptop with no ME. You aren't going to be designing your own chips at that point, but you could grab power8 or sparc or arm.

Are there companies that would reasonably be willing to throw in a few million to fund a secure laptop? I imagine at least a few. And maybe we could get a Google or someone to put in $10m plus.

replies(3): >>erikb+41 >>Xeoncr+l6 >>Canada+xa

>>Taek+(OP)
With an alliance you can achieve agreement, not quality. Everybody will say, they agree to a standard, then you get a 200 bullet point document, and 5-10 years later you get expensive, certified solutions that in reality only contain 20 of the 200 points, acting like they contain 180 points, and certainly excluding the important ones because these are hard to solve and expensive to implement.

Quality you can only achieve by possessing the right skills and making the right long term investments.

>>Taek+(OP)
I would think that one company (Google, Amazon, Facebook, etc..) that cared enough would be better off SOLEY funding a project like this for themselves first - then others second.

$100 Million investment isn't a stretch for something from a large company.

replies(2): >>brians+N8 >>wmf+Fa1

>>Xeoncr+l6
They did. Apple laptops have no ME, and Chromebooks are safe (e.g., the source is open to Google!)

replies(3): >>clebio+id >>qb45+Jk >>cyphar+Yk

>>Taek+(OP)
Intel ME is effectively the result of a corporate alliance... large organizations want central control of the computers they give their employees regardless of what that employee, the computer's user, wants.

replies(1): >>gcb0+gZ4

>>brians+N8
I was not aware of this. Any citations readily on-hand?

>>brians+N8
What makes you think that x86 MacBooks or Chromebooks could work without ME?

Also, according to libreboot FAQ, even Google was unable to get source for Intel firmware blobs.

https://libreboot.org/faq.html#intel-is-uncooperative

>>brians+N8
ChromiumOS is what Google bases ChromeOS on, and it's source is available (most notably, the U-Boot and device-specific firmware source is available for all Chromebooks). That's one of the reasons why Chromebooks are so well-supported by coreboot.

replies(1): >>gcb0+TZ4

>>Xeoncr+l6
The Chromebook Pixel was basically this. Even Google can't remove the ME but they don't need to since they understand actual security.

>>Canada+xa
not exacting. they want disk encryption with a master password fallback and bios tampering detection. then there is nsa and nist and darpa et al which want lots more.

Intel just decided to clump it all together. and it doesn't even fully address the two main corporate requests.

>>cyphar+Yk
very wrong.

from their site:

"For years, coreboot has been struggling against Intel. Intel has been shown to be extremely uncooperative in general. Many coreboot developers, and companies, have tried to get Intel to cooperate; namely, releasing source code for the firmware components. Even Google, which sells millions of chromebooks (coreboot preinstalled) have been unable to persuade them.

...

Basically, all Intel hardware from year 2010 and beyond will never be supported by libreboot...."