Hacker News

simonh today at 1:55 PM

marcan addressed this early on in the project, arguing that Intel platforms including some of those advocated for by the FSF are less open and more at risk of upstream abuse in some very significant ways.

https://news.ycombinator.com/item?id=29684585

For example, Intel systems (and Android) run resident supervisor code you can't get rid of, and that can do remotely initiated updates you have no control over. That's not so on Apple silicon.

> In fact I'm much more sure about that than I would be with the laptops the FSF peddles as "respects your freedom"; last time I looked at the schematics for one of those, it had over a half dozen chips running secret blobs, and at least two or three of them had full access to all system RAM via a DMA capable bus. You'd have to be insane to trust that over an M1, which is designed to sandbox all coprocessors from the main CPU and RAM via IOMMUs, such that even if all firmware is backdoored it can't take over your main CPU.

Also, these comments are worth considering.

https://news.ycombinator.com/item?id=29307836

https://news.ycombinator.com/item?id=29307377


Replies

throw0101d today at 3:28 PM

> For example, Intel systems (and Android) run resident supervisor code you can't get rid of, and that can do remotely initiated updates you have no control over. That's not so on Apple silicon.

The Oxide Computer folks wrote their own AMD boot loader and have an entire chain of trust and apparently (?) basically got rid of the supervisor code (Ring -2 and -3). They also have custom motherboards with third-party BMCs.

Could something similar be done on Intel?

amelius today at 2:29 PM

What good does that bring if Apple shuts down the project?

Also, I don't believe Apple has no backdoors and such. They basically made it impossible to be root on your iPhone, so you don't think they have an almighty-super-superuser mode on their laptops that only they can use? Wishful thinking if you ask me.

WD-42 today at 2:58 PM

> last time I looked at the schematics for one of those

When was the last time they looked at the schematics for one of the Apple machines? Oh, wait.