back to article Look ma, no Intel Management Engine, ish: Purism lifts lid on the Librem Mini, a privacy-focused micro PC

Purism has dropped the veil on the latest computer in its privacy-focused lineup – a small form-factor PC designed for space-conscious free software enthusiasts. Available to pre-order now, the Librem Mini packs an eighth-generation, quad-core Whiskey Lake i7-8565U processor, modified with Purism’s Pureboot technology. At its …

  1. Pascal Monett Silver badge

    Checked out their site, looks good

    And I have to admit that, one, I like their approach to my security and, two, I like the Librem 15 laptop a lot. Its aspect, the fact that ruggedness and reliability is repeatedly mentioned, and the specs are nothing to sneeze at either. The $1400 price tag is surprisingly acceptable for the quality and specs that are put forth, at least in my opinion. I was expecting a larger price tag then that.

    Unfortunately, I have no use for PureOS at this point in time. Still stuck with Windows until I retire. I hope they'll still be around by then.

    1. Snake Silver badge

      Re: Checked out their site, looks good

      According to the Wiki article on Intel's ME, you can't avoid the IME security vulnerability as it is a module that the CPU core requires for boot. IME's functionality can be reduced, but never fully eliminated. So is this truly "security" or simply a sense of one, some things still existing but the user under the impression that they are under control here?

    2. Michael Wojcik Silver badge

      Re: Checked out their site, looks good

      I'd like it if it had an isometric mouse. But it doesn't, and considering how their marketing waxes rhapsodic over the damn touchpad, it doesn't look like they'll ever release a model with one. Oh, well.

  2. Anonymous Coward
    Anonymous Coward

    If they are touting security ...

    ... then they would have been better going with AMD rather than intel

    1. deive

      Re: If they are touting security ...

      I really want one, but I will not buy intel :-(

      People have been asking for a while, interesting discussions around the different trust platforms being a fairly valid reason why they haven't

      They do now have an ARM device, so maybe they will consider some more machines based on that instead?

      1. Dan 55 Silver badge

        Re: If they are touting security ...

        It it possible to disable AMD's PSP? If not, maybe Intel is more secure than AMD after all.

        1. ExampleOne

          Re: If they are touting security ...

          Well, as it is not possible to 100% disable the Intel Management Engine, despite LibreMs marketing claims, I am not sure it makes any difference. At least some of its functions are critical to keeping the system running. The HAP bit, which is what LibreM are setting, supposedly disables all the non-essential functionality but Intel have refused to ever confirm or deny that, and frankly are probably not trustable even if they were to.

          If you truly want a Management Engine free system, your options are either very old AMD, even older Intel, Via (IIRC) or non-x86.

        2. whitepines

          Re: If they are touting security ...

          It it possible to disable AMD's PSP?

          No. And don't be misled by the "PSP disable" setting in some BIOS versions. It should have been labelled "hide PSP" not "disable PSP", as the former is what it actually does.

  3. adam payne

    The mini looks sleek and sexy but why the Intel chip?

    1. Nick Ryan Silver badge

      Probably because when the system was first designed, likely quite a lot of months ago, the Intel processor had the best performance*.

      I'm just amazed that they can somehow squash the Intel Management Engine seeing as thought that it was built into the CPU

      *noting that Intel have repeatedly sacrificed security for performance, although I doubt that this was wholly intentional.

      1. vir

        "I'm just amazed that they can somehow squash the Intel Management Engine seeing as thought that it was built into the CPU"

        Kind of. It looks like they set the HAP bit and erase as much of the firmware as they can, but this still leaves the system vulnerable to the SA-00086 exploit. I wonder if they disconnect the +5VSB and +12VSB rails when the system is powered down so that the engine isn't running when the computer is "off".

        1. Snake Silver badge

          5V and 12V rails

          Just thinking about your question and I came up with: is it truly necessary?

          Upon more consideration, IME is designed to allow system administrators access to configuration setup, even when powered off. The logical method for this would seem to be via Ethernet.

          So do you need to try to fool the power rail, monitor triggers (power switch) and CPU, when instead you can simply fully and completely disconnect, or power-kill, networking inputs?

          1. whitepines

            Re: 5V and 12V rails

            This thing has DMA access to the entire system. USB, network, add-on cards, you name it, it has access.

            So no, that won't work.

            1. Snake Silver badge

              Re: Won't work

              True with DMA access, but the discussion point was vulnerabilities when powered off. Only external communication buses need be discussed when talking about this; a DMA access to an add-in card is extremely unlikely to provide an insertion point for a firmware attack.

              So that leaves USB, FireWire, Thunderbolt, eSATA, Ethernet and a few other external communication lines that Intel has included in their hardware implementations since the creation is IME. I would guess that lines added via external-to-the-Intel-chipset glue logic could easily be forced to power down fully upon system shutdown.

              So we're left with dealing with external bus and communication lines supplied by Intel hardware, where IME support is implemented with little user choice in the matter.

          2. vir

            Re: 5V and 12V rails

            "Just thinking about your question and I came up with: is it truly necessary?"

            Agreed that physically killing the ethernet connection is equivalent. The other vectors probably aren't as important as that would mean that the attacker likely has physical access to the machine anyway. Though it would be interesting to see an exploit over Firewire or HDMI!

  4. Waseem Alkurdi

    Good but not great

    Purism is the ideal candidate for designing the stateless laptop.

    Don't know why they don't ... the concept surely makes sense.

    1. Anonymous Coward
      Black Helicopters

      Re: Good but not great

      The original Chrome CR-48 was something like that, but since then Chrome has had to add features to be usable/useful.

      1. Waseem Alkurdi

        Re: Good but not great

        A stateless laptop isn't a Chromebook. It has persistent storage, but that persistent storage is external to the laptop.

        The whole concept of stateless means that the laptop itself doesn't have any chips capable of storing anything (including malware) - everything is moved to an external USB stick. Therefore, malware can't persist in firmware on the machine because the user can replace the stick on demand.

  5. dajames

    Lead lined?

    The Librem Mini has a small footprint, measuring just 5 inches across and weighing just 1kg ...

    So ... something that seems to have about half the volume of an Acer Revo R3600, or that of maybe half a dozen cased Raspberry Pi model 4 Bs, weighs 25% more than the Acer and ten times as much as the Pi?

    The radiation shielding must be brilliant!

    1. IGotOut Silver badge

      Re: Lead lined?

      It's the Atari ST syndrome.

      People thought it can't possibly have that much power in such a small package. So they made it feel like it had a lot of "stuff" in there. And slapped a load of unnecessary metal work in there. On the upside it did mean you could drop from a great height and still work.

      This may not actually be true of course.

  6. Crypto Monad Silver badge

    If the objective is to build something free of backdoors in the CPU, wouldn't you base it on OpenRISC, or at least ARM?

    1. Waseem Alkurdi

      x86 is well-documented, despite not being open-source, and aside from MEI there's no persistent storage on the CPU (so a reboot should be enough to remove any malicious code provided that it isn't reintroduced on boot).

      1. Crypto Monad Silver badge

        Well-documented as in "Intel have released all the details of the management engine and other similar components, and we trust them to be complete?"

        Or as in "researchers have comprehensively reverse-engineered the billion-transistor silicon, and to the best of their knowledge there are no additional backdoors to be found?"

        I'm not sure either of those fills me with much confidence.

        1. whitepines

          I'm not sure either of those fills me with much confidence.

          Right on -- at one point, evidence of one backdoor would have been taken as strong indication there are others. Have we actually reached a point where cheap is that much more important than secure, to a point where the industry is willing to purposefully turn a blind eye to these things to maintain the illusion?

          Oh, right, IT. This is just another way for the PHB to under-spec kit and make the beancounters happy. Too bad the GDPR doesn't make the PHBs that sign off on this kind of thing personally liable for the predictable consequences.

        2. Waseem Alkurdi

          I said x86 (the architecture), not Intel CPUs themselves. Your question was about how the choice of architecture could affect backdoor presence.

          Backdoors could be built in any hardware including open-source hardware. You have to have perfect control of the supply chain, from the individual silicon wafers, even the machinery used to cut and process the wafers, to the couriers transporting your finished CPUs. An impossible amount of control, plain and simple, even for nation-states.

          Same goes for software. You have to write your own assembly code if you want to be 100% guaranteed to be free of backdoors.

          As you can't, there's still an element of inherent trust.

      2. whitepines

        Erm, you just said "aside from MEI". Since Purism isn't removing or disabling it, there is persistent storage attached to the CPU, and you cannot remove malware injected into it just by a reboot.

        1. Waseem Alkurdi

          As far as it's known from Intel documentation, Intel MEI loads its firmware from an SPI chip on the motherboard, the same one that holds the BIOS/UEFI.

          This project's whole point is to keep only a minimum of MEI components that would still permit the CPU to boot (while obliterating ME functionality).

    2. whitepines

      If the objective is to build something free of backdoors in the CPU, wouldn't you base it on OpenRISC, or at least ARM?

      Strange choices. The two leading open ISAs today are RISC-V and Power, and both are already usable for low compute power tasks in FPGA. The latter does have nice server / desktop chips available too, unlike the ARM server chips that always seem to come with IME equivalents. Agree with the general sentiment though, Intel (or AMD) and security do not belong in the same sentence unless the word "vulnerability" is also used.

      1. d.indjic

        Such as

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like