Is there topic on best router/switch hardware with Neutered IntelME, Coreboot, OpenWRT/FreeBSD?
1 Like
I’m not claiming it’s the best, but Protectli offers corebooted router/firewall hardware.
Also, you can install Xen and compartmentalize your network like you do data with Qubes (which is based on Xen).
1 Like
which Intel CPU generation does this use? Is it the same as the X200 Thinkapd? Is it even possible to neuter/disable IntelME completely?
This device uses the xcp-ng hypervisor, which is based on the Xen hypervisor,
which is open source.
1 Like
Protectli is a good option, but is there any option from a neutral country?
1 Like
but is there any option from a neutral country?
What is a neutral country?
Also, when you say “best”, what are the criteria you are after?
Have a look at:
1 Like
The rockchip in these devices is considered more or less libre than an Intel based device with IntelME neutered?
A neutral country is neither US, nor China and their spheres of influence,
it is neutral.
1 Like
I’ve looked and haven’t found any open-source switches that worked for my use case (10GB) but OpenWRT has a few that are supported: Making sure you're not a bot! . In terms of routers I would suggest OpenBSD on an X86_64 or aarch64 platform. BSD doesn’t have great wifi support so I would suggest using OpenWRT on a separate device for a wifi access point though.
1 Like
What architecture are these running? All use OpenWRT? 10GB of data throughput is your use case?
They have dealers for these Making sure you're not a bot! ?
Or only direct sales.
1 Like
No, I don’t think any of these switches run OpenWRT by default but it can be installed on them. The CPU architecture depends on the specific switch, you can look it up to see more details
.
1 Like
The documentation references Realtek SoCs, but how does this compare with
the Rockchip? Both have ARM architecture?
Any libre networking gear running on RISC-V yet?
ARM devices are known to run
AMSS RTOS and Rex kernel (L4 microkernel) which is closed source and
owned by General Dynamics (non neutral).
1 Like
RISC-V SoCs with open source firmware would be the best, but not clear if commercially available.
1 Like
Does realtek have any RTOS running, similar to IntelME?
1 Like
FSF claims that rockchip is one of the most open ARM based SoCs, however
it doesn’t discuss AMSS OS, or Rex (L4 microkernel).
I think something like a ROCKPro64 from Pine64 + 4-port PCIe NIC would be well suited for your needs. I have been thinking about this topic myself, and this is what I’d like to do in the future. You can run u-boot which supports most Pine64 SBCs, and unfortunately I have yet to come across completely libre firmware for NICs, but Intel NICs are well supported with Libre drivers on both Linux and OpenBSD.
Yes this is good option. the FSF link here:
Can you say, which NIC is using the Pine64? Intel?
Here is some RISC-V STAR64 - PINE64
pretty impressive.
Their RISC-V stuff has some support but it’s not on par with ARM yet (well, that’s the story with RISC-V in general). I guess you could run Debian and make that in to a router on it just fine since Debian should work well on their RISC-V I think. Drivers should be fine too but if you’re willing to go this deep compilation shouldn’t be an issue for you.
I have some bad news for you though: The RockPro64 uses the RTL8211F PHY which you may not like if you’re all into FSF-approved hardware Nevermind, seems like realtek.ko handles these well in the Linux kernel, so should be libre on Linux too.
Shouldn’t matter if you’re using a quad port PCIe Intel NIC as drivers for that are (likely) libre in most operating systems.
Edit: Here are two websites with a big DB on SBCs, where you can search by the features you want:
All is China origin country here. No Taiwan? Malay?
I don’t want to get into politics on this forum but the two countries you mention aren’t “neutral” either (going by your own definition). With that said, if you’re worried about an exploit, note that you’d be running u-boot, which reduces the chances of something like that (as much as libre software can improve security). I really don’t know where one could source hardware from that is guaranteed to be free from hardware exploits, sorry. Pine64 has a good reputation on the internet from tinkerers so I’d assume they’re not up to something shady (you could run a network logger in front of your router and look to see if you find any traffic that looks malicious, however as I’m typing these words I realise what a wasteful rabbit-hole that’d be).