
My immediate questions are:

  - where can I set machine-owner-key for rEFInd to do secure boot with Linux?

  - where can I set the *real* machine-owner-key to load only a copy of board firmware compiled from not-license-encumbered source code on a machine I control?

  - can I remove the wireless network interface so that I have a wireless network interface that does not run binary blobs?

  - is there a clean interface to remove the Intel Management Engine binary blob and replace it with something whose code I can see, so I don't need to worry about something opaque and untrusted having "ring -3" access to my system?

I feel like I already know the answers to these questions. But these are questions anyone who has one of these machines should be asking themselves.
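The first question above has a well-known mechanical answer, so here is an added shell example (not from the thread or from the rEFInd project) showing the Machine Owner Key route: generate an owner key pair, sign the rEFInd binary with it, and queue the public certificate for enrollment through shim's MokManager. It assumes shim is the signed first-stage loader, that sbsigntools and mokutil are installed, and that rEFInd lives at the path in ESP_DIR; the key directory default and the certificate subject are also assumptions. Enrolling a key into the firmware's own PK/KEK/db (the "real" owner key of the second question) is a separate procedure and is not shown.

```shell
#!/bin/sh
# Added example: enroll a Machine Owner Key (MOK) and sign rEFInd with it so
# shim will chain-load it under Secure Boot. Paths and subject are assumptions.
set -eu

# Demo default only; a real signing key belongs in a root-only directory.
MOK_DIR="${MOK_DIR:-${TMPDIR:-/tmp}/mok-example}"
ESP_DIR="${ESP_DIR:-/boot/efi/EFI/refind}"     # assumption: rEFInd install dir
REFIND_BIN="${REFIND_BIN:-refind_x64.efi}"

# Read the SecureBoot UEFI variable directly: 4 bytes of attributes, then the
# one-byte value. Works without mokutil; prints "unknown" if not booted via UEFI.
sb_state() {
    var=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
    if [ -r "$var" ]; then
        case "$(od -An -tu1 -j4 -N1 "$var" | tr -d ' ')" in
            1) echo enabled ;;
            *) echo disabled ;;
        esac
    else
        echo unknown
    fi
}

# Generate a 2048-bit RSA key and a self-signed X.509 cert, plus the DER copy
# that mokutil expects. Only the public half (MOK.cer) is ever enrolled.
mok_generate() {
    dir="$1"
    mkdir -p "$dir"
    chmod 700 "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Machine Owner Key/" \
        -keyout "$dir/MOK.key" -out "$dir/MOK.crt" 2>/dev/null
    openssl x509 -in "$dir/MOK.crt" -outform DER -out "$dir/MOK.cer"
    chmod 600 "$dir/MOK.key"
}

# Certificate subject, so the key can be recognised later in the MokManager
# menu and in `mokutil --list-enrolled`.
mok_subject() {
    openssl x509 -in "$1" -noout -subject | sed 's/^subject=//'
}

# Sign an EFI binary with the MOK. sbsign writes a new file rather than
# signing in place, so verify the result before swapping it in.
mok_sign() {
    key="$1"; crt="$2"; in="$3"; out="$4"
    sbsign --key "$key" --cert "$crt" --output "$out" "$in"
    sbverify --cert "$crt" "$out"
}

# Queue the public cert for enrollment. mokutil asks for a one-time password;
# shim's MokManager asks for it again on the next boot before adding the cert
# to MokList, which is what stops a remote attacker from enrolling keys.
mok_enroll() {
    mokutil --import "$1"
}

main() {
    echo "Secure Boot: $(sb_state)"
    mok_generate "$MOK_DIR"
    echo "Generated MOK: $(mok_subject "$MOK_DIR/MOK.crt")"
    # Signing and enrollment need root, the tools, and the real ESP.
    if [ "$(id -u)" -eq 0 ] && command -v sbsign >/dev/null \
       && [ -f "$ESP_DIR/$REFIND_BIN" ]; then
        mok_sign "$MOK_DIR/MOK.key" "$MOK_DIR/MOK.crt" \
            "$ESP_DIR/$REFIND_BIN" "$ESP_DIR/$REFIND_BIN.signed"
        mv "$ESP_DIR/$REFIND_BIN.signed" "$ESP_DIR/$REFIND_BIN"
    fi
    if [ "$(id -u)" -eq 0 ] && command -v mokutil >/dev/null; then
        mok_enroll "$MOK_DIR/MOK.cer"
    fi
}

main "$@"
```

Note that this only extends trust below shim: the firmware still trusts the Microsoft-signed shim, and shim trusts MokList. Drivers rEFInd loads (for example ext4 or btrfs filesystem drivers) must be signed with the same key, or shim will refuse them.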


When would anyone with even one of those questions ever be in the market for a Surface Pro?


Unsure why you'd be a condescending person about this. Why not?

MacBooks made great Linux machines for many years before the bad times started. And hopefully will again some day!

Microsoft for years tried to act like a good guy with Secure Boot standards that promised systems would remain general purpose computers. If Microsoft obeys its own standards, that should be the case here too! If not, how can we expect other vendors to provide the general purpose computing systems Microsoft has promised to keep available, as they locked down the boot chain?


Some DevOps guys I know are running, on a MacBook M2, a Gentoo musl+llvm+openrc userland on a Linux kernel that has the Asahi patches and https://grsecurity.net patches.

The only "downside" is no Windows VMs, but they don't seem to care about that.


I want a Surface Pro, that exact hardware as perceived on the outside as a user, sans the ""accidental"" backdoors. I have partial responsibility running a business that administrates high value deployments and many of our internal users doing "general office stuff" want exactly this kind of hardware.

And I want one or two for myself too, sans the backdoors...


Are there any modern Intel systems that can boot without blobs like the FSP? Even system76 hasn't been able to manage that, only disable the ME after boot.

I suspect you're greatly misunderstanding your clients' needs, because what you're saying is not an officially supported option that exists for anyone outside government agencies.


We have been running RaptorCS servers for years, are evaluating RISC-V based options in a lab, and we are looking at Oxide.

.

What Purism offers with its Pureboot and hardware security chip that enforces a deemed-tolerable ME payload is sufficient for our ask.

.

> Are there any modern Intel systems that can

The lack of availability of a product does not change the desire for the product to exist. RISC-V is already successfully playing in a market space with products that satisfy my asks above, maybe Intel can catch up some day.

.

> clients' needs,

Our clients came to us and were clear about what their ask was. I'm kind of chuckling right now, because one of our clients in particular, if he saw your post, would shoot back with "it's not called the Bill of Needs".

Some of the other ones are government. But I appreciate you trying to be helpful.



