Hello Anons, wanted to share some info and perhaps make you think about what you should compute with.
-Proprietary ISA (Instruction Set Architecture)
This means to get enough low-level detail requires signing non disclosure agreements (NDA).
Even then, they might not disclose all the available commands (see Breaking x86 video below).
If you cannot trust what the processor is doing, then no open-source software will make it any more trustworthy.
Common instruction sets come with hundreds (over a 1000 for x86) instructions.
Breaking x86 instruction set
Hardware backdoor x86 (not for all processor models)
The more complex the system, the more bugs (in hardware and software).
Intel had plenty of bugs that were discovered post release, for example the Pentium floating point division: https://en.wikipedia.org/wiki/Pentium_FDIV_bug).
Interestingly, the x86 assembly instructions are actually decoded to a sequence of RISC instructions to be used by the internal cores of the CPU.
Intel has its Management Engine, which provides full access to CPU, RAM(?), control via network.
Advertised for sysadmins, but present on consumer hardware.
Intel ME Cleaner - Tool for disabling and pruning Intel ME from BIOS/UEFI firmware.
AMD Platform Security Processor (PSP)
Similar to Intel ME, based on an ARM core.
Video below shows how bios can be analysed.
Looks to be somewhat tamer compared to Intel ME, however this may have changed.
Dissecting AMD PSP:
Speaking to an experienced programmer, he told me the main reason why x86 is the main desktop/PC architecture, is that it allows compiling C almost directly to assembly. This is not the case as for ARM ISAs or RISC V.
I guess from a certain perspective, if you had an architecture with enough instructions to better support C (such as array operations) then it might have a chance at competing with x86.
Proprietary ISA, several versions available, current is v8.
There are licensing fees for use in custom ASICs, don't know how much the documentation covers the internals.
The are many Single Board Computers (SBC) using an ARM-based.
They are probably a better option compared to an x86 system security wise, however the underlying arch is still unknown.
Reduced Instruction Set Computing V
I was once an excited consoomer
for RISC V, until I heard about a libre project designing a system-on-chip (SoC) that struggled to get the necessary amendments to the standard (for graphics) put through. Here's a snippet from the project lead:
>if you were not associated directly with UC Berkeley, you were basically not welcome. Caveat: if you signed the NDA-like agreement which conflicts directly with, for example, the Debian Charter and the whole purpose of libre licenses, then you got a "voice" and you got access to the closed and secretive RISC-V resources and mailing lists.
This was my "red pill" if you will, that like the development Linux kernel, it's predominantly focused on working towards the interests of corporations as opposed to smaller developer groups.
The ISA itself is available to study ( https://riscv.org/specifications/
) and the main issue technically speaking is that the base instructions aren't long enough to deal with, say a 64 bit address/number directly, thus requiring extensions. The ISA has had quite a few extensions since its inception.
-POWER ISA originally designed by IBM. Later open-sourced.
One implementation is by Raptor, using Power9 ISA. Comparable to x86 desktops, very expensive.
-Older architectures which have been reverse engineered, or materials eventually released.
Such ISAs can be implemented inside a Field Programmable Gate Array (FPGA) for systems designed to give the user more control.
Here's a project based on the commodore 65
in an FPGA, project called MEGA65
The points by the chap are pretty good, and one of the main takeaways is:
your computing environments.
Your most important, trusted code runs on a small, fully verified CPU.
While any application that requires high performance or proprietary CPU/system, runs independently without access to the trusted system
For example if you were to design a secure phone, the main system could run on a trusted FPGA core (if you trust the FPGA of course
), and when service is required, the trusted core controls whether the cellular modem is enabled.
Unfortunately, greater integration leads to high chance of security breaches and botnets, so more modular design is necessary for security.
-Libre-SoC, a system-on-chip currently in development.
Supposedly will be the first open SoC with open source graphics.
Graphics seem to be the main issue in preventing fully libre computing hardware.
What I mean is dedicated graphics, not software rendering.
Ultra RISC / OISC?
One Instruction Set Computing
It may seem crazy, but there are individual CPU instructions that are Turing-complete, and hence an architecture built around this instruction can execute any finite problem (with enough RAM and time).
One example is the MOV instruction, which can move data between memory and CPU registers.
A C compiler for x86 has been written to compile your code down to just MOV instructions.
The MOV-only on x86 is more of a toy than practical, however there's potential to making a simple processing core in hardware, and by having many of these cores (8+) in a multi-processor system one could achieve better performance.
One of the architectures I'm working on is the Subtract and Jump If Less Than Or Equal To Zero (SUBLEQ), as it is also Turing-complete and someone has already written an OS for it here:
The plan is to make small scale version of the CPU before going for full Dawn OS compliance (256MiB is A LOT of memory for an FPGA dev board XD)
That's about as much as I'll say for now, as I would like to spend more time developing. Don't expect it to replace your PC, however as an embedded system it'll have a shot.
What do I use?
Both my desktop and laptop have Intel processors, one Sandybridge, the other Nehalem. Have not disabled the ME, however planning to give it a test when I have more time.
I use Arch and Debian (better compatibility with tools like yosys), but I intend to move Systemd-less system, potentially Gentoo, OpenBSD or FreeBSD.
I tried Artix, however I couldn't get some things working, and their wiki isn't nearly as detailed.
So if I want to learn about another init system, I may as well start from an OS that comes with it out of the box.
What are your options?
-Use either intel or AMD, but 'CHECK
if there's support for disabling the ME or PSP. ME cleaner even works on fairly recent generations of hardware: https://github.com/corna/me_cleaner/wiki/me_cleaner-status
-Use older CPUs. CPU before ME/PSP (or earlier versions where it can be disabled) is probably the easiest.
-Use a lightweight OS. Most POSIX compliant OSs can be configured to be lightweight and hence make using older hardware realistic. The most demanding uses are compilation of programs and video playback, so those will be harder to do.
-Limit network connectivity on machines that you're concerned about. If it can't call back home then it can't leak your data eh? XD (Hehe, there are other ways for hackers to do it... Air Hopper: https://www.hooktube.com/watch?v=2OzTWiGl1rM)
-Aim to use libre hardware, as it gives you more control over hardware. Example: https://github.com/OLIMEX
Thanks for reading Anons.
(Just to let you know I'm definitely NOT
an expert on CPU arch's, I just want a system that's not a botnet XD)