Armbian Libre?


starkwether

Hello-

 

I'm looking to marry free and open (as possible) software and hardware into one inexpensive system. I'm in over my head so apologies in advance if I'm asking silly stuff. I did check the basics on here and have been lurking.

At any rate I've been messing around with the Lime 2 and haven't had much luck getting Parabola to boot into LXDE... or any GUI at all actually. I thought I'd try Armbian as the Debian Kernel has been blob-less for a while now. I really, really like it so far.  I am using Mainline, just want to make sure I'm running all free software if possible.

 

I have checked for non-free stuff via:

 

dpkg-query -W -f='${Section}\t${Package}\n' | grep ^non-free

 

and

 

aptitude search '~i ?section(non-free)'

 

I found a single non-free package, iozone (if I'm remembering right?) and removed that guy as it's for monitoring and (hopefully? lol) non-essential.

 

My question is: am I good now or am I overlooking stuff? Debian won't deliberately install non-free packages unless you explicitly make it, correct?

I have been reading up on device tree as it's supposedly been loaded as a blob on bootup. Is this in fact a proprietary binary?

What else do I need to read up on? I'm looking to upgrade to a CubieTruck; I want to stick with A20 because as far as I've read it's not vulnerable to Spectre or Meltdown.

 

Thanks much.


16 hours ago, starkwether said:

I have been reading up on device tree as it's supposedly been loaded as a blob on bootup. Is this in fact a proprietary binary?

The device tree blob is compiled from source.

The DTS and DTSI files in the kernel source tree are compiled to a DTB file.

It's not a proprietary blob, I don't even think it can contain code, just a data structure describing the hardware on the system. It's the same concept as the FEX and BIN files Allwinner chips use to configure the peripherals on other kernels.

 

(edit) PS: iozone is free software, it's just not a definition of free that fits certain dogmas

http://www.iozone.org/docs/Iozone_License.txt

You can do whatever you want with it, as long as you include the license and you allow the original author the right to distribute your derivative work.
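
What a DTB actually holds, as an added example that is not part of the original post: a small Python walker over the flattened device tree format, run against a constructed two-node blob (the sample tree and the names `build_sample_dtb` and `walk_dtb` are illustrative). The structure block has only five token types, for node begin, node end, property, no-op and end, so everything in it is a node name or property bytes.

```python
import struct

FDT_MAGIC = 0xD00DFEED
BEGIN_NODE, END_NODE, PROP, NOP, END = 1, 2, 3, 4, 9  # the only structure tokens

def pad4(data):
    return data + b"\0" * (-len(data) % 4)

def build_sample_dtb():
    """Constructed sample: / { compatible = "example,board"; soc { status = "okay"; }; };"""
    strings = b"compatible\0status\0"  # property names; "status" starts at offset 11
    begin = lambda name: struct.pack(">I", BEGIN_NODE) + pad4(name + b"\0")
    prop = lambda off, val: struct.pack(">III", PROP, len(val), off) + pad4(val)
    end = struct.pack(">I", END_NODE)
    structure = (begin(b"") + prop(0, b"example,board\0")
                 + begin(b"soc") + prop(11, b"okay\0") + end
                 + end + struct.pack(">I", END))
    rsvmap = b"\0" * 16  # empty memory reservation map (terminator entry only)
    off_struct = 40 + len(rsvmap)
    off_strings = off_struct + len(structure)
    header = struct.pack(">10I", FDT_MAGIC, off_strings + len(strings), off_struct,
                         off_strings, 40, 17, 16, 0, len(strings), len(structure))
    return header + rsvmap + structure + strings

def walk_dtb(blob):
    """Return (node_path, property_name, raw_value) for every property in the blob."""
    magic, total, off_struct, off_strings = struct.unpack_from(">4I", blob, 0)
    if magic != FDT_MAGIC or total > len(blob):
        raise ValueError("not a flattened device tree")
    props, path, pos = [], [], off_struct
    while True:
        (token,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if token == BEGIN_NODE:      # NUL-terminated node name, padded to 4 bytes
            end = blob.index(b"\0", pos)
            path.append(blob[pos:end].decode())
            pos = (end + 1 + 3) & ~3
        elif token == END_NODE:
            path.pop()
        elif token == PROP:          # value length, offset of name in strings block
            length, nameoff = struct.unpack_from(">II", blob, pos)
            start = off_strings + nameoff
            name = blob[start:blob.index(b"\0", start)].decode()
            props.append(("/".join(path) or "/", name, blob[pos + 8:pos + 8 + length]))
            pos = (pos + 8 + length + 3) & ~3
        elif token == END:
            return props
        elif token != NOP:
            raise ValueError(f"unknown token {token:#x} at offset {pos - 4}")

if __name__ == "__main__":
    for path, name, value in walk_dtb(build_sample_dtb()):
        print(path, name, value)
```

The bytes of a real .dtb file can be passed to `walk_dtb` the same way; `dtc -I dtb -O dts` decompiles a blob back to readable source.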


21 hours ago, starkwether said:

I want to stick with A20 because as far as I've read it's not vulnerable to Spectre or Meltdown.

well "in a twisted mind everything is possible"...

howbout Allwinner's BROM - it's a code, it's not open schmopen. The very first code that runs is not open! Also - memory initialization code. In fact Allwinner's sdram init code is NOT free and open. Monitor code. Do you ever know what does run in a Monitor mode? It's a special processor mode for managing Secure World, in ARM parlance. There the entire OS might run and you could not even suspect it. VPU firmware? GPU blobs. Without a tin foil on the head, that collection would be just unbearable. :lol: Also, HDD firmware. These A20 boards have SATA.


20 hours ago, valant said:

Do you ever know what does run in a Monitor mode?

 

Ahh hahaha, nope,  I'm new to ARM but still had no illusions that it was magically free of propriety. That's why I'm asking you guys and gals; this is what I want to hear about.

 

Check out what Libreboot is working on with ASUS ARM based Chromebooks. Maybe a Libreboot payload could be developed and delivered to BROM? No idea.

Also I know 3D acceleration is impossible without proprietary drivers but what about 2D/CLI Lima? I'm not currently running 3D.

Yup, Trust Zone/Secure World and DRAM stuff are a problem. No ideas there.

Yes, hard drive firmware malware does exist, no seriously, you're totally correct about that.

 

 

20 hours ago, valant said:

Without a tin foil on the head,

 

Don't leave home without one! :D

 

I know, I know all this stuff is extreme and absolute security is entirely fallacious. I'm not trying to preach any ideology either. I'm just personally concerned about Intel's Active Management Technology and AMD Platform Security Processor as well as the general trend toward lower and lower level malware. Call me paranoid but a totally "free" computational platform is just a warped interest of mine :ph34r: and I'm looking to get my hands dirty before EOMA 68 comes out... though EOMA would have similar issues with Trusted World, DRAM init, etc, huh?

 

Anyway an actually free computer seems a way off yet. Maybe RISC V is our best shot?

 

I must disagree about Spectre and Meltdown though. That's not tin hat status haha; it's a big deal not to be vulnerable to those and ARM has not listed the A7 or A53 as vulnerable so that's cool. 

 

Thanks for the info!

 


32 minutes ago, starkwether said:

Maybe RISC V is our best shot?

So far, it's like V means "vaporware". :D nothing materialized.

 

34 minutes ago, starkwether said:

I must disagree about Spectre and Meltdown though. 

serious problems, and everyone should take them seriously enough, but not more. :)

 

If you are looking for meltdown/spectre insusceptible arm CPU SBCs, then the obvious question arises: why aren't you considering something more powerful and newer - like H6 upcoming boards or Rock64, they have fast usb3, pcie, more memory etc. if you are looking for a desktop-like use. and the funnier thing - they are cheaper than the a20 boards you can now buy.

 

I am a fan of a20, I have Cb2, it's just a little suspicious why you omitted newer a53 boards.


17 hours ago, valant said:

So far, it's like V means "vaporware". :D nothing materialized.

 

 

Actually we should be able to get our hands dirty on RISC V stuff very soon, check this out: there is a 32bit Arduino compatible RISC V board available now called the HiFive1. But even more exciting to me is that same manufacturer should be releasing a single board quad core RISC V (youtube) the first quarter of this year. This chip is 1.5 GHz, allegedly equivalent to the A35 so desktop Linux would certainly be do-able. 

 

Someone will correct me here but it looks like these chips from SiFive are fully open hardware? Again, that can be a slippery definition. And of course there will always be issues similar to BROM. I have read just yesterday about how processors require an auxiliary program in order to prepare for restart; I incorrectly assumed that when restarting a computer system everything just "reboots somehow" but it turns out all the registers etc in a CPU need to be set to a state where a restart can happen from first. Point is, something has to do that of course, and surprise, its design is opaque. I would guess ARM has this? I'm not losing sleep over that, it's just interesting though.

 

There also seems to be a lot of talk of RISC V being intrinsically faster per watt than other instruction sets but honestly I don't know enough to tell if this is just manufacturer hype or not... 

 

18 hours ago, valant said:

why aren't you considering something more powerful and newer - like H6 upcoming boards or Rock64, they have fast usb3, pcie, more memory etc. if you are looking for a desktop-like use. and the funnier thing - they are cheaper than the a20 boards you can now buy.

 

Yeah, good point. The truth is that there's just a lot of boards to research! And I want one that has solid support from Armbian as it's my favorite distro (best compromise of usability, stability and security IMHO) and I lack the skills to develop new stuff for unsupported boards. I'm really trying to learn more so I can contribute.

 

Too bad Novena uses the A9 :(

 

Sorry for the wall of text, hopefully that's useful info and not just speculation haha

 


On 2/2/2018 at 4:47 PM, martinayotte said:

Right ! In fact, the original designer is Berkeley University, and many folks played with this core on FPGA, check the Wikipedia for history ...

 

Right you are, I neglected to notice that many of the original designers of RISC V are founders of SiFive.

 

Looks like the age of RISC V Linux is upon us, as of this week in fact. Too bad it's not at a very accessible price but I'd guess being the first to fabricate a small batch of novel single board computers isn't cheap. Exciting stuff.

 

So for whatever reason implementing an open source CPU on an FPGA never occurred to me. That is really, really cool. This thread sure has evolved off topic, but: I'm wondering how usable a soft-core CPU would be on an FPGA. I've no illusions that it could compete watt for watt with an ASIC (not the point in this case IMHO) but could you actually get a basic desktop GUI with USB and Ethernet and all of the basics?

 

I kind of want to try regardless, just to learn. However (tin-foil on, shiny side out ^_^) hardware rootkits have in fact been found in FPGAs (PDF). If you're like me, you're going to insist on open hardware and software for FPGA development. That really only leaves a few choices for platforms, namely the ICE40 family which can be programmed using a fully open toolchain called Icestorm. How much of the hardware and firmware of ICE40s is open? I don't know. Can anyone weigh in on that?

 

Looks like Olimex has some ICE40 boards plus peripherals. What would be nifty is to use one of their other open hardware boards as a programmer.

 

How would one estimate the requirements needed to burn an Open RISC or RISC V cpu to ICE40? Is it just a matter of having enough logic cells?


On 2/5/2018 at 1:07 PM, martinayotte said:

I don't know, but ICE40 are not so huge compared to Xilinx or Altera latest FPGA ...

 

Yup. There's always going to be a sacrifice to some extent I reckon.

 

On 2/2/2018 at 10:23 AM, starkwether said:

fully open hardware? Again, that can be a slippery definition.

 

 

I would correct myself here, actually a formal definition of open hardware exists. Also the Free Software Foundation has a ton of resources on open hardware as well as a certification they bestow on products that respect your freedom.

 

However- That little silk-screened open hardware gear logo isn't a get out of jail free card per se:

 

I think the takeaway is that open hardware does not automatically mean backdoor-free hardware; but because absolute security in computation is impossible you have to decide how far you are willing to go. If you're concerned, get to know your hardware/firmware and you can make an informed decision. Otherwise there may be a risk of getting ambushed by things similar to Active Management Technology... worst case scenario, admittedly.


For the really cautious, non-branch prediction ARM (check Spectre/Meltdown vulnerability per CPU) on open hardware boards running blob-less GNU/Linux is pretty great security for the price at the time of this post. RISC V is likely better but likely a year or so off.

 

/soapbox

 

Side note: Rowhammer is also pretty nasty if you haven't heard

 

Thank you guys again for all the knowledge; rather than prattle on here I'll go check out Open Cores. I really don't expect to build a working X86 desktop from a grid of programmable gates but dang that sounds cool, and certainly a learning experience.

Edited by starkwether
add FSF links, RYF standard
