An idea on Intel ME removal: use clusters to avoid the 30 minute shutdown

Huh?
I thought I was replying to you, but it looks like I posted the above message as a new message.
Anyway, thanks for the reply.

You could use the two computers for two different tasks, or sell one of them. Instead you would use them to run a single Qubes OS instance, which likely could work fine on just one computer. How is this not wasting resources? Which benefit of using the two do you see, apart from partly removing Intel ME?

You would not be able to benefit from the additional security through isolation offered by Qubes Air, because you would have to copy all your working files between the computers all the time. However, you might benefit from more CPU power and RAM on Qubes Air, if you find how to use them.

Yes, this could probably be a reasonable comparison.

I saw this as a reply to me, although the interface doesn’t show it as one. Might be a bug in Discourse @deeplow?

The Art of War Quotes

“The supreme art of war is to subdue the enemy without fighting.” ...
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. ...
“Let your plans be dark and impenetrable as night, and when you move, fall like a thunderbolt.”

Well, since you worked on it, do you mind giving us a high-level overview of how that kernel version would achieve such a thing?

Your kernel would run on the main CPU, how would it block or even monitor what the ME is doing?

Why would anyone in their right mind use an unofficial Qubes OS kernel provided by an anonymous person anyway?


I guess getting chewed up again …
No thanks, you’re smart enough; I looked into you.

Plus it would be a push to the Qubes OS repo.
Been reviewing all of it for the 3rd time now.
Have been contributing to docs.

Well I coded this at the key of @marmarek on his code style. So I think once he sees that code was done to mimic his style he’s gonna love it!

~X

Currently the only computers that can be used without the ME are those supported by LibreBoot, but they are old and consume so much power.

You forgot about AMD! The latest AMD-without-PSP is significantly more powerful than the latest Intel-without-ME - and there are AMD platforms supported by the open-source coreboot BIOS. Actually, we have been discussing one of them - Lenovo G505S - here: Lenovo G505s - #5 by mike_banon. Quad-core CPU, 16GB RAM, no PSP, works fine with Qubes (i.e. because IOMMU is functional with coreboot), and thanks to coreboot you can be sure there are no backdoors in the BIOS.


This is gibberish and shows absolutely no understanding of how ME works - you are creating spam and FUD. Not a great look for your first few posts from suspension.

You cannot do anything in the kernel to have control over the ME. The Intel ME is a separate microcontroller with its own processor, memory, and I/O, running closed firmware - which has total visibility into the RAM and CPU that you know as “your computer”.

If you know anything about rings, then you will know that something running in Ring 1 has no control over Ring 0 - but Ring 0 can totally pwn Ring 1. The kernel runs in Ring 0. Drivers are Ring 1/2. Userland is Ring 3. Just think of the ME as a kind of “Ring -3” (even though it’s not; it’s actually another separate computer inside your computer, with full host memory access).

Here’s a handy infographic …

and here’s some educational reading


https://forum.qubes-os.org/t/intel-me-real-threat-for-ordinary-persons/7693/10?u=enmus


Hi @mike_banon! This is a great point. I was sad to see the AMD boards exit coreboot; I had started to work on the HP t730 about 18 months back, but it was slow going. Too long-winded and off-topic to go into - I should have just reached out. Love the blog btw. Keep up the good work.


Hi there @Plexus ! Thank you for the kind words :wink:

I was sad to see the AMD boards exit coreboot

It’s not that bad:

  1. Currently it’s not a big issue: there haven’t been any significant achievements since last November (when our boards got dropped), so by sitting on the outdated coreboot we aren’t missing out on too much yet.
  2. When this becomes more of an issue, we may come up with a list of “git revert” commands, intended to be applied on top of a coreboot master. These “git revert”s will undo the commits which drop our boards, as well as the commits which break coreboot for us somehow - and this way we’ll still get the latest coreboot for our boards. Although, there will be the extra hassle of maintaining this list - of course more “bad commits” might arrive in the future, and there will be moments when we get bad ROMs until someone updates this list further…
  3. Actually, our boards may not be completely gone: they got forked to a separate branch, and there’s a chance they might return after the incompatibility with the modern “bells and whistles” like the v4 resource allocator is addressed.

HP T730

Well, it is a thin client which seems to have an embedded AMD RX-427BB CPU with performance inferior to i.e. the A10-6700 / A10-6800K of the coreboot-supported A88XM-E board. Another issue with the RX-427BB is that it’s based on Steamroller, which - still being an architecture of the fam15h family - doesn’t have a PSP “backdoor”, but its AGESA library already became a binary blob, which seriously ruins the compatibility with the open-source coreboot BIOS. That’s the same reason why - despite A88XM-E having an FM2+ socket - you can’t put an A10-7*** CPU into the A88XM-E and still enjoy coreboot; but you’ll be fine with the A10-6700 / A10-6800K because their AGESA is 100% open-source - including all that cool low-level stuff like DDR3 memory training…

More info about “coreboot for AMD” can be found here - and, although it’s written with the G505S in mind, the coreboot for the A88XM-E / AM1I-A boards is pretty similar, and the primary difference is just how to flash the BIOS and what config to use. If you have any plans to get one of these platforms for your coreboot no-ME/PSP experience, I will be happy to answer all your questions that might arise :wink:

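The “list of git reverts on top of master” approach from point 2 above, as an added example (not mike_banon’s tooling and not part of coreboot): a small script that replays a maintained list of “bad commit” ids as reverts on a fresh branch and stops at the first one that no longer applies cleanly, so a half-reverted tree never reaches the ROM build. The demo repository, board path and commit contents are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not mike_banon's script and not part of coreboot.
# The demo repo, board path and commit contents below are constructed.
set -u

# apply_reverts <repo> <list-file>
# List lines are "<commit-id> <free-text note>"; blank lines and '#'
# comments are skipped. Returns 1 on an unknown id or a conflicting
# revert, leaving the tree clean so the failure is visible, not silent.
apply_reverts() {
    repo=$1 list=$2
    git -C "$repo" checkout -q -B build-with-reverts master || return 1
    while read -r id note; do
        case "$id" in ''|'#'*) continue ;; esac
        if ! git -C "$repo" cat-file -e "$id^{commit}" 2>/dev/null; then
            echo "unknown commit in revert list: $id" >&2; return 1
        fi
        if ! git -C "$repo" revert --no-edit "$id" >/dev/null 2>&1; then
            git -C "$repo" revert --abort   # undo the partial revert
            echo "revert of $id no longer applies to master ($note)" >&2
            return 1
        fi
    done < "$list"
}

# make_demo_repo <dir>: constructed stand-in for a coreboot checkout.
# Sets DROP_ID (commit that removes a board, reverts cleanly) and
# BAD_ID (commit whose revert conflicts with a later master change).
make_demo_repo() {
    d=$1
    git init -q "$d" || return 1
    git -C "$d" config user.name demo
    git -C "$d" config user.email demo@example.invalid
    mkdir -p "$d/src/mainboard/lenovo/g505s"
    echo 'config BOARD_LENOVO_G505S' > "$d/src/mainboard/lenovo/g505s/Kconfig"
    echo v1 > "$d/README"
    git -C "$d" add -A && git -C "$d" commit -q -m 'add board and README'
    git -C "$d" checkout -q -B master          # fixed branch name for the demo
    git -C "$d" rm -q -r src/mainboard/lenovo/g505s
    git -C "$d" commit -q -m 'drop g505s'
    DROP_ID=$(git -C "$d" rev-parse HEAD)
    echo v2 > "$d/README" && git -C "$d" commit -q -am 'README v2'
    BAD_ID=$(git -C "$d" rev-parse HEAD)
    echo v3 > "$d/README" && git -C "$d" commit -q -am 'README v3'
}
```

Run `apply_reverts path/to/coreboot reverts.txt` before `make`; a non-zero exit is the signal that the list needs updating rather than something to build through.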

Any way you can explain this coreboot thing to me? Should I get it even though my system is PSP-less and already has IOMMU?

Maybe the devs are developing 4.2 with coreboot to replace the ME for anyone who is using Intel with Qubes.

Any way you can explain this coreboot thing to me?

coreboot is open-source firmware, meant to replace the proprietary BIOS of your PC.

Should I get it even though my system is PSP-less and already has IOMMU?

Yes, because your proprietary BIOS might have its own backdoors - such as Computrace etc. (all this stuff was possible even before the ME/PSP introduction; it’s just that it had to be software-only). And, as you can expect, to switch to coreboot you may have to change your PC, since the coreboot firmware supports only a limited number of PCs, and the chance that your current PC is supported by coreboot is too small.

I suggest getting a Lenovo G505S or ASUS A88XM-E - both of which are AMD-based, coreboot-supported, PSP-less and support IOMMU.

coreboot by itself isn’t doing anything to replace the ME - that’s the goal of a different project, me_cleaner.

What is your goal with this?
What could you possibly be doing that would require modern hardware but could be interrupted every 30 minutes?
Are you traveling back in time to brute force online passwords back before most places only gave you a few attempts?

Seriously though what are you trying to accomplish because there are probably far easier ways to get it done.

Why not just buy an old server with virtualization and no Intel ME?
Do you need multithreading? If you don’t, an old Pentium 4 at 6-7 GHz would be faster than a Threadripper.

Can you please explain what you are actually trying to do, because your request doesn’t make much sense. Can you not just get two computers and use one air-gapped?

I personally have my good computer with no internet connection and I transfer files to it and edit video and do vfx on it.
The ME cannot teleport a signal if it has no internet connection, as far as I know.

You talk about power consumption, so are you trying to do all this on a laptop so your battery lasts longer? If so, why not just get an old server without ME and a laptop without ME and remote into the server to get a lot of CPU, RAM etc. while your laptop runs at basically idle?

If you explain what you are trying to accomplish, we could probably give you a simple rational solution that doesn’t involve reinventing the wheel.

Thanks for your reply.

The goal is to remove the ME on modern CPUs.
I want to use a modern CPU!

I agree, I think so. I just don’t have enough knowledge :egg:

This is just an idea I came up with on a whim.

Yeah, that’s probably the best way for now.
Better yet, use a typewriter! :wink:

Well, if you are just trying to remove the ME just to do it, you can find many good guides on YouTube.

“DEF CON ME” in the search bar should get you off to a good start, but it is going to require some effort.

I 120% feel your pain bro. It’s a tough pill to swallow but you have to swallow it. The government and the corporations own your hardware, and their grip will only get stronger in the years and decades to come. The days of free, simple designs were a good time we will both always cherish, but they’re gone. Nowadays it’s too easy to plant spyware on even the smallest, most inconspicuous devices… possibly easier in some cases than not installing spyware.

The freedom of yesteryear lies within hardware of yesteryear. I’ve already begun investing in DDR2-era hardware to hopefully last me the rest of my stay on the planet, and I suggest anybody who cares about their digital privacy do the same.


I strongly disagree. Have a look at Precursor and many other similar projects.

What is that Precursor thing for? I read the entire product description and I still can’t tell whether it’s supposed to be a phone, a PDA, or something akin to a yubikey but with a screen. Guess I’ll take your word for it since it uses RISC-V.

Since I made that post I’ve become familiar with other PowerPC-related tech that looks very promising. In fact I already decided my next computer will not be x86 now that I know there are actually viable options, even given the relatively higher prices. I still fear these companies are too small in scale and visibility to be safe from malignant big tech, or worse, malignant legislation. If they forced the hand of big tech Intel and AMD, what hope is there for anyone else?