Rebuild the Secure Hardware section

[ghost]

See #330.

We need better options.

We should consider these (not necessarily only HW): LibreBoot, https://system76.com

[kewde]

The state of secure hardware is a sad one. The same holds true for operating systems..

I think we should decide on the requirements for secure hardware. Bootstrapping hardware projects is hard, there won't be a plethora of projects to pick from, but we should establish some minimal requirements. There is definitely a need for something better than Intel chips and their ME bullshit.

We should consider all hardware projects that at least provide more security than a typical consumer-grade computer. They won't stand up to the ideals of a secure computer, but they are at least improvements over the existing options and a step into the right direction. The creation of more secure hardware is an incremental process and won't happen overnight, but what we can do is show support for those that have started the journey.

[Eduardo06sp]

May be interesting to some:
"System76 will disable Intel Management engine on its laptops"
https://liliputing.com/2017/11/system76-will-disable-intel-management-engine-linux-laptops.html

[ghost]

u/trai_dep on purism:

What's vexing with Purism is, since their launch years ago, they've been promising, Any day now! When the Core/Libre boot folks were saying, Not so fast. And their "progress chart" is the same place now as it was then. Even shadier shenanigans in other ways that I won't get into here.

https://www.reddit.com/r/linux/comments/3ew6pz/libreboot_exposes_the_purism_librem_as_fraud/

https://www.reddit.com/r/linux/comments/69k4l9/purism_librem_laptops_any_feedback_from_real/

[beerisgood]

@Shifterovich interessing. Thanks

[kewde]

Purism definitely hasn't managed to get rid of all proprietary code.
It is however a step in the right direction. I haven't done much research in this area. Feel free to share information, the good and the bad.

LibreBoot provides a hardware compatibility list, which is a good entry point for what we're doing:
https://libreboot.org/docs/hardware/

I don't know if there are any vendors who provide these laptops with libreboot in them by default? Also, recommending secure hardware is one thing, but providing users with a place to purchase their equipment is another. Whilst the hardware might be secure, the seller may have malicious intent. I think for now, that we should focus on merely getting a list of potential hardware.

[Atavic]

Almost a year passed, and we got this. For more, see: https://securinghardware.com/articles/hardware-implants/

[gjhklfdsa]

@Shifterovich I would warn against using System76. They don't appear to have any long term privacy and security goals. They appear to be focusing more on ease of use than Purism, this is a good thing, however they appear to promote non-free software in the process.

Their OS is based on Ubuntu. PureOS (what Purism uses) is based on Debian. Basically everything in Ubuntu can be done in Debian. However, Debian is noticeably more "free".

As for the Purism haters, they did suck for a long time. Currently however they are probably the only viable Linux laptop supplier with Coreboot, a CPU that is at least Intel Core i5, a free software OS, while still promoting ease of use for long term adoption.
System76 cannot say these things.

[gary-host-laptop]

In my opinion this should be closed since there's already #904 discussing this. @freddy-m @dngray

[freddy-m]

Duplicate of #904