Rebuild the Secure Hardware section #331
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#331
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
See #330.
We need better options.
We should consider these (not necessarily only HW): LibreBoot, https://system76.com
The state of secure hardware is a sad one. The same holds true for operating systems..
I think we should decide on the requirements for secure hardware. Bootstrapping hardware projects is hard, there won't be a plethora of projects to pick from, but we should establish some minimal requirements. There is definitely a need for something better than Intel chips and their ME bullshit.
We should consider all hardware projects that at least provide more security than a typical consumer-grade computer. They won't stand up to the ideals of a secure computer, but they are at least improvements over the existing options and a step into the right direction. The creation of more secure hardware is an incremental process and won't happen overnight, but what we can do is show support for those that have started the journey.
May be interesting to some:
"System76 will disable Intel Management engine on its laptops"
https://liliputing.com/2017/11/system76-will-disable-intel-management-engine-linux-laptops.html
u/trai_dep on purism:
@Shifterovich interessing. Thanks
Purism definitely hasn't managed to get rid of all proprietary code.
It is however a step in the right direction. I haven't done much research in this area. Feel free to share information, the good and the bad.
LibreBoot provides a hardware compatibility list, which is a good entry point for what we're doing:
https://libreboot.org/docs/hardware/
I don't know if there are any vendors who provide these laptops with libreboot in them by default? Also, recommending secure hardware is one thing, but providing users with a place to purchase their equipment is another. Whilst the hardware might be secure, the seller may have malicious intent. I think for now, that we should focus on merely getting a list of potential hardware.
Almost a year passed, and we got this. For more, see: https://securinghardware.com/articles/hardware-implants/
@Shifterovich I would warn against using System76. They don't appear to have any long term privacy and security goals. They appear to be focusing more on ease of use than Purism, this is a good thing, however they appear to promote non-free software in the process.
Their OS is based on Ubuntu. PureOS (what Purism uses) is based on Debian. Basically everything in Ubuntu can be done in Debian. However, Debian is noticeably more "free".
As for the Purism haters, they did suck for a long time. Currently however they are probably the only viable Linux laptop supplier with Coreboot, a CPU that is at least Intel Core i5, a free software OS, while still promoting ease of use for long term adoption.
System76 cannot say these things.
In my opinion this should be closed since there's already #904 discussing this. @freddy-m @dngray
Duplicate of #904