Actions

Open-source Hardware

From Whonix


Opensourcehardware.png

Introduction[edit]

Info This chapter contains general security advice and is unspecific to Whonix ™. Readers interested in this topic should undertake significant research before purchasing any open-source hardware. It is also recommended to learn more about free hardware designs [archive].

Hardware Trust in Modern Computing[edit]

Security researcher and Qubes founder, Joanna Rutkowska, has noted that modern computing and networking security relies upon a critical foundation - trusted hardware and firmware domains. Even high-security operating systems have an security upper bound, since that is defined by the trustworthiness of hardware components that are ideally placed to compromise the entire system if bugs or backdoors are present: [1]

... for years we have been, similarly, assuming the underlying hardware, together with all the firmware that runs on it, such as the BIOS/UEFI and the SMM, GPU/NIC/SATA/HDD/EC firmware, etc., is all. . . trusted.


But isn’t that a rational assumption, after all?

Well, not quite: today we know it is rather unwise to assume all hardware and firmware is trusted. Various research from the last ten years, as discussed below, has provided enough evidence for that, in the author’s opinion. We should thus revisit this assumption. And given what’s at stake, the sooner we do this, the better.

Rutkowska has concluded the following hardware components and mechanisms are all vulnerable to exploitation and often flawed in their implementation, making them easy to "backdoor": [1]

  • x86 boot security (BIOS implementation).
  • Vt-d (CPU-enforced sandboxing of networking).
  • Graphics cards (GPUs) and sub-systems.
  • USB controllers.
  • Disk controllers (SATA etc.).
  • Embedded controllers (for keyboard operation, battery charging etc.).
  • Audio cards.
  • Peripheral devices.
  • Intel Management Engine (ME) and AMD Security Processor (embedded microcontrollers).
  • Built-in speakers, microphones and cameras.

This is particularly true for privileged, out-of-band hardware components like Intel ME's AMT which can read or write any of the host computer's memory, without any constraints - the perfect, undetectable rootkiting infrastructure. [1] In short, it appears that modern computing architectures are impossible to secure properly, especially since popular, proprietary hardware options (Intel and AMD) dominate the market. [2]

Open-source Hardware Alternatives[edit]

People who are motivated to avoid proprietary hardware solutions are in a bind. There are few options available that are truly "free" (as in freedom), affordable and which provide suitable processing power to run "secure" operating systems like Qubes-Whonix ™, because specific hardware requirements like VT-d and VT-x are necessary for compatibility with future software releases.

Open-source hardware is also not perfectly secure since it is not "stateless". Meeting this standard requires there be no persistent storage at all. [1] Further, "free" hardware does not really exist, since by definition it requires that hardware is free at all levels, including: licensing, the chip and circuit board designs, the field-programmable gate array, source code, relevant repositories and so on. Also, proprietary "soft cores" which are often incorporated in various hardware circuits need to be purged to meet the necessary criteria. [3] [4]

ARM-based Platforms[edit]

ARM architecture dominates smartphone and tablet markets, providing a good level of performance. However, an open-source "ARM processor" is non-existent, because only the specifications and other intellectual property (IP) are released to manufacturers under specific licenses. This leads to NVIDIA, Samsung and others combining the ARM IP with their own, leading to the actual, customized processors called System-on-Chips (SoCs). [1] ARM SoCs also often have a TrustZone extension, with implementation providing similar functionality to Intel's ME. There is nothing special in ARM architecture that prevents the possible introduction of backdoors.

Open-source Processors[edit]

Unfortunately, a fully open-source, Linux-capable based processor (SoC) [archive] is not yet available, with the design still being finalized. While this project will eventually allow a 64-bit RISC-V instruction set architecture (ISA) and the development of low-cost boards, the wait may be lengthy (many years) and it is not clear such processors will perform well enough for typical desktop workflows like watching movies, running browsers, using office suites and so on. It is also unknown whether this design will allow for security technologies like IOMMU and memory virtualization. [5] [1]

Another initiative related to this topic is the OpenPOWER Foundation [archive], which was established in 2013. The foundation has a number of influential partners, including IBM, Google, NVIDIA, Samsung Electronics and Canonical. Critically, IBM is "...opening up technology surrounding their Power Architecture offerings, such as processor specifications, firmware and software with a liberal license, and will be using a collaborative development model with their partners." [6] [7] The initiative will also include opensource software, firmware, the KVM hypervisor and a little endian Linux operating system. [8] OpenPOWER code can be found on GitHub [archive].

Final Hardware Purchase[edit]

The Free Software Foundation (FSF) makes a number of relevant recommendations: [9]

  • Find devices which support fully free distributions of GNU/Linux.
  • Purchase hardware:
    • From manufacturers who support GNU/Linux.
    • Which supports coreboot/libreboot as a proprietary BIOS replacement.
    • Without the need for proprietary drivers or firmware; see hdnode.org [archive].
  • Check the FSF criteria [archive] for hardware certification requirements.
  • If looking for a single-board computer (SBC), check the list [archive] of available (flawed) hardware. [10]
  • Check the list of motherboards [archive] that are compatible with coreboot. [11]

A list of suppliers selling or providing Libreboot [archive] pre-installed on laptops, desktops, servers and motherboards can be found here [archive]. Readers interested in purchasing hardware with Coreboot pre-installed can start their search here [archive].

Buyer Considerations[edit]

Based on the preceding information and links, those seeking an open-source solution need to make a compromise. Since an open source LowRISC processor based on the RISC-V ISA -- which can support a fully-fledged operating system -- does not yet exist, [12] the closest thing available is single-board computers (SBCs) [archive], which are delivered as one circuit board that are powerful enough to run a real operating system. These systems generally contain a SoC with an ARM processor, with options like Novena [archive] and PandaBoardES [archive] falling into this category. However, they still have a number of closed-source binary blobs and the FSF also notes "severe flaws" in these products due to proprietary design concerns.

Purism [archive] also seek to remove as many proprietary blobs as possible, for example by using coreboot in place of the standard BIOS implementation. Unfortunately, this solution is expensive and still relies on an Intel processor. Despite the claims that ME is "neutralized", the ME still poses potential security threats to the user as highlighted in Rutkowska's research.

The following options may be suitable, depending on user requirements:

In the coming years when open-source processors and hardware designs further mature and the necessary functionality is provided for virtualization, reasonable and fairly-priced alternatives to proprietary architectures will start to emerge.

Firmware Considerations[edit]

Open-source hardware [archive] is not affected by the non-free firmware updates issue described in the previous chapter. Such hardware might be more trustworthy, but open-source firmware can be just as insecure as a proprietary one. Fortunately, open source firmware increases the chances of actually making it secure, with options like coreboot appearing to be a promising solution. [1]

References[edit]

  1. 1.0 1.1 1.2 1.3 1.4 1.5 1.6 https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf [archive]
  2. AMD-based x86 platforms have analogous hardware mechanisms to Intel, so they are not theoretically safer.
  3. https://www.wired.com/2015/03/richard-stallman-how-to-make-hardware-designs-free/ [archive]
  4. https://www.wired.com/2015/03/need-free-digital-hardware-designs/ [archive]
  5. https://www.lowrisc.org/about/ [archive]
  6. https://en.wikipedia.org/wiki/OpenPOWER_Foundation [archive]
  7. Primarily the Power8 chip technology, but previous designs will also be available for licensing.
  8. Firmware to boot Linux was released in 2014.
  9. https://www.fsf.org/resources/hw [archive]
  10. None of these options are completely free in their design.
  11. Some motherboards still require proprietary CPU microcode.
  12. The LowRISC FAQ [archive] notes the rough processor speed that is expected:

    The clock rate achieved will depend on the technology node and particular process selected. As a rough guide we would expect ~0.5-1GHz at 40nm and ~1.0-1.5GHz at 28nm.

  13. For example, see the T2P9D01 Mainboard document [archive].
  14. This requires:

    ... that information about the hardware is easily discerned so that others can make it – coupling it closely to the maker movement. Hardware design (i.e. mechanical drawings, schematics, bills of material, PCB layout data, HDL source code and integrated circuit layout data), in addition to the software that drives the hardware, are all released under free/libre terms.

  15. https://www.fsf.org/blogs/licensing/support-the-talos-ii-a-candidate-for-respects-your-freedom-certification-by-pre-ordering-by-september-15 [archive]
  16. https://twitter.com/Whonix/status/1190634591045865472 [archive]


Fosshost is sponsors Kicksecure ™ stage server 100px
Fosshost About Advertisements

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki


Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: Discourse logo.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contribute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png link=mailto:?subject=Open-source Hardware&body=./Open-source_Hardware link=https://reddit.com/submit?url=./Open-source_Hardware&title=Open-source Hardware link=https://news.ycombinator.com/submitlink?u=./Open-source_Hardware&t=Open-source Hardware link=https://mastodon.technology/share?message=Open-source Hardware%20./Open-source_Hardware&t=Open-source Hardware

Check out the Whonix ™ News Blog. Rss.png

https link onion link Priority Support | Investors | Professional Support

Whonix | © ENCRYPTED SUPPORT LP | Heckert gnu.big.png Freedom Software / Osi standard logo 0.png Open Source (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.