Re: [Libreboot] AMT replacement, Was: Intel ME opensource replacement
From: Daniel Tarrero
Subject: Re: [Libreboot] AMT replacement, Was: Intel ME opensource replacement
Date: Mon, 27 Jun 2016 17:00:49 +0200
User-agent: Mutt/1.5.23 (2014-03-12)

Hola Denis and people around!
On Mon, Jun 27, 2016 at 01:57:16PM +0200, Denis 'GNUtoo' Carikli wrote:
> On Thu, 23 Jun 2016 11:45:47 +0200
> Daniel Tarrero <address@hidden> wrote:
>
> > Hi folks!
> >
> > Those interested in Intel AMT can find these resources useful,
> AMT is just an application that is executed in the Management engine.
>
> > Wires and Bytes
> > http://me.bios.io/Main_Page
> >
> > ME unpack and query tools (they mention gluglug :)
> > http://io.netgarage.org/me
> This is rather an attempt to document the management engine, I guess in
> the hope of running free software on it (or to disable it).
>
> If successful, that can enable libreboot to run on more recent Intel
> hardware.
hmmmm, I can't see where it is a problem for libreboot, maybe it has
something to do with UEFI stuff?
Could the boot loader's signing keys be stored there??
If so, burning the chip as I was planning can be really bad ^^
> Replacing AMT:
> --------------
> AMT is just an application, running on the ME, that provides out of
> band management of the computer.
>
> Such out of the band management functionalities can be very handy when
> you administrate a (home) server.
Yeah!! I have seen something like this in HP's "iLO" (integrated lights out).
It had its own network interface, software (probably similar to AMT),
also a VNC server (I saw the BIOS booting from remote), and has the
computer power on/off switches and BIOS setting changes you mention.
It was running while the server was powered down, so it also has its own power
management.
> Having a replacement for many of the functionalities of AMT, is
> probably doable without that much work, with free software.
>
> Libreboot documentation mentions free software running on a BMC.
oh, I have to look at that. Also in the links there were mentions of
some people flashing it, but I don't know it in deep detail.
> However I think that wiring an SBC that runs a fully free distribution
> might be better.
so you suggest not to disable ME but override it with an SBC, isn't
it?
wow, that can be a powerful add-on, as much as my fears around ME, but
which belongs to us and we can read and build the sources =)
> With an SBC, you could:
> - Choose the hardware, this will probably suit you better, and
> can provide more trustworthiness.
> - Run 100% free software distributions without much work. Parabola
> works on ARM. I'm not sure how stable it is though.
> - Have SSH and the usual required software. If you combine SSH and
> onion services, you have a pretty robust system: It doesn't need the
> DNS to work, it also ignores NAT (no port forwarding and so on).
> All you need is a robust way of running/booting the SBC, not to
> run out of space, and a reliable network connection.
> - Have an independent power source, some even include a battery charger
> and connector.
> - Have independent network connectivity. Most SBC have USB, so
> you can use ath9k_htc compatible WiFi dongles, or even data modems.
> Some have mini-PCIe connectors so you can use ath5k/ath9k compatible
> cards.
> - Through the USB OTG connector, provides mass storage, serial port,
> and Ethernet.
> - Have a serial port that is connected to the server serial port,
> for easy remote administration. If the server doesn't have serial, it
> could use USB debug(in coreboot/libreboot) and USB serial(after
> coreboot/libreboot) instead.
> - Probably a way to power on/off the server through its GPIO. I'm not
> sure exactly what is the best way to wire it. Probably in parallel to
> the power button wires. The ATX standard also has a way to power on a
> PSU with low voltage/amperage.
- two factor authentication in libreboot! :)
wow, maybe a bus pirate can do great things in this place 8)
> Note that Raptor Engineering has some test infrastructure that uses an
> SBC to do some of these functions.
>
> Denis.
nice to read you Denis, hope we can dive more into this "computers riding
computers" stuff =)
Regards, Dani