Please suggest completely open source ARM board with A53/A7

If it doesn't relate to Debian, but you still want to share it, please do it here

Please suggest completely open source ARM board with A53/A7

Postby romankqsok » 2019-02-08 11:59

It should boot into Linux or BSD WITHOUT any single BLOB
and following ports should work: USB, SATA, Ethernet, any display
PCI port if present would be desirable too

I do NOT need multimedia like sound, 3D video, etc.

It is a security console for remote administration of servers via SSH and VNC.

Only for work, not for games.
romankqsok
 
Posts: 22
Joined: 2019-01-06 15:04

Re: Please suggest completely open source ARM board with A53

Postby ruwolf » 2019-02-08 12:57

Debian has binary blobs.
PureOS is 100% libre version of Debian (testing release) without any blobs.
What about these micro-computers, e.g. A20-OLinuXino-MICRO?
User avatar
ruwolf
 
Posts: 358
Joined: 2008-02-18 05:04
Location: Slovakia, Banovce nad Bebravou, Matice slovenskej 1260/4-7

Re: Please suggest completely open source ARM board with A53

Postby romankqsok » 2019-02-08 16:23

ruwolf wrote:Debian has binary blobs.
PureOS is 100% libre version of Debian (testing release) without any blobs.
What about these micro-computers, e.g. A20-OLinuXino-MICRO?


I guess it is easy just uninstall firmware packages in Debian and it will become BLOB free too.

Actually I refer non OS BLOBs, but rather BLOBs which are REQUIRED just to start an ARM system.

Raspberry seems requires a BLOB to boot which is bad from security point of view.

I need a hardware 100% free of active BLOBs which are missing public source code.

Someone thinks that Allwinner, STM32, LPC and OMAP can boot 100% free of BLOBs, is it correct?
romankqsok
 
Posts: 22
Joined: 2019-01-06 15:04

Re: Please suggest completely open source ARM board with A53

Postby Head_on_a_Stick » 2019-02-08 19:09

ruwolf wrote:Debian has binary blobs

Not in the official release.

@OP: see https://wiki.debian.org/CheapServerBoxH ... edHardware
User avatar
Head_on_a_Stick
 
Posts: 10342
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Please suggest completely open source ARM board with A53

Postby ruwolf » 2019-02-09 03:07

As you can see also on link from Head_on_a_Stick, OLinuXino's are Open Source Hardware Boards...
User avatar
ruwolf
 
Posts: 358
Joined: 2008-02-18 05:04
Location: Slovakia, Banovce nad Bebravou, Matice slovenskej 1260/4-7

Re: Please suggest completely open source ARM board with A53

Postby romankqsok » 2019-02-09 05:32

Are Orange PI based on Allwinner leass open source?
Do they need any BLOBSs to start without 3D?
romankqsok
 
Posts: 22
Joined: 2019-01-06 15:04

Re: Please suggest completely open source ARM board with A53

Postby romankqsok » 2019-02-09 14:11

Please suggest a netbook (tablet with a keyboard)

Cortex A7 preferably AllWinner A20/A23/A31/A33

Thank you very much for your help!
romankqsok
 
Posts: 22
Joined: 2019-01-06 15:04

Re: Please suggest completely open source ARM board with A53

Postby ruwolf » 2019-02-09 18:18

Teres-A64-White laptop costs 240 € (cca 272 $).
Novena is more expensive (550 $ board + 425 $ case kit).
Pinebooks laptops are cheaper (99 $), but with larger display 14" are currently out of stock, 11.6" are available.
Diskio Pi tablet should be available on August 2019 from 189 € (214 $) without mother-board, but it is not sure.
MNT Reform is only in plan.
User avatar
ruwolf
 
Posts: 358
Joined: 2008-02-18 05:04
Location: Slovakia, Banovce nad Bebravou, Matice slovenskej 1260/4-7

Re: Please suggest completely open source ARM board with A53

Postby romankqsok » 2019-02-09 18:52

Thanks for this list.

TERES looks good, but I am not sure Cortex A53 is secure enough compared to Cortex A7.
What about TrustZone? Speculative execution, branch prediction?

I could not find exact info about which CPU is used in Pinebook, both Rockchip and Allwinner are mentioned on different websites. If understand correct Rockchip requires a blob to boot which is unacceptable for me.
Allwinner is 64 bits too, which on one hand is good for ZFS and may be bad because more modern backdoors have been added into it. I think Cortex A7 like Allwinner A20 is more secure than Cortex A53.
Last edited by romankqsok on 2019-02-10 07:35, edited 1 time in total.
romankqsok
 
Posts: 22
Joined: 2019-01-06 15:04

Re: Please suggest completely open source ARM board with A53

Postby romankqsok » 2019-02-09 19:06

For example EOMA68 Laptop:
https://www.crowdsupply.com/eoma68/micro-desktop

uses 32bit Allwinner A20 instead of a modern 64bit CPU.
I guess Cortex A7 looks like the most open source CPU without backdoors, and that is why we do not see any laptops with it those could easy boot into OpenBSD and Linux.
romankqsok
 
Posts: 22
Joined: 2019-01-06 15:04

Re: Please suggest completely open source ARM board with A53

Postby romankqsok » 2019-02-09 19:16

Please note a few features of a laptop/tablet I am looking for:

1) Spectre free CPU with "in order" execution and not very modern to avoid backdoors like Cortex A7.
2) Open source drivers in a Linux mainline like for AllWinner A20 realization.
3) Able to boot into FreeBSD/OpenBSD
4) May be it can be a custom made laptop from Olimex Olinuxino A20 like this:
https://wot.lv/my-take-on-a-custom-laptop.html
5) USB port able to connect to USB hub with several devices like external USB keyboard, mouse, HDD, etc.
6) BLOB free boot to avoid hardware trojans managing ARM worlds in TrustZone
Last edited by romankqsok on 2019-02-10 07:36, edited 1 time in total.
romankqsok
 
Posts: 22
Joined: 2019-01-06 15:04

Re: Please suggest completely open source ARM board with A53

Postby romankqsok » 2019-02-10 03:29

So I think I have to make a custom Laptop based on a CortexA7 AllWinner board compatible with OpenBSD.

You can see an example of such DIY:

https://web.archive.org/web/20190209180229/https://wot.lv/my-take-on-a-custom-laptop.html

They use a special adapter to convert a general Thinkpad Keyboard to USB channel.

I think such adapter can be found in different Android ARM based smartbooks (not sure about Windows Atom smartbooks). Does anyone know which smartbook have a USB keyboard which could be reused in a custom made Laptop?
romankqsok
 
Posts: 22
Joined: 2019-01-06 15:04

Re: Please suggest completely open source ARM board with A53

Postby pylkko » 2019-02-10 06:55

You mention the word "hardware trojans". I don't know if you realize that many processors come with instructions that are not mentioned in the specification data and that some of these are known to surpass all security. There was a demonstration by Christopher Domas at black hat (https://www.youtube.com/watch?v=_eSAF_qT_FY) where he screened through all of the possible instructions and found one that when he makes the call with asm inserted into a c script and runs it, it gives him root. He is using Debian by the way, and the .c file is compiled and ran at 45:25 approximately in the video above.

As long as the instruction set / practical implementation of it are not openly described, this is always possible in theory (and has been shown to work in practice on some manufacturer's boards). Just because spectre attacks are not applicable to ARM does not mean that there could not be unknown backdoors and problems therein. Perhaps the most safe bet now would be the RISC-V boards from SiFive, but they are quite expensive yet.

In addition to this, there are many peripherals (gpu's ethernet ports, the storage that you connect) on these boards that are sourced by the manufacturers from who knows where and they are not openly described and at times require firmware to run. Most memory cards, hard drives and ssd's have their own processors and RAM and run from closed source firmware. IT is relatively easy to hack these as that is how Chinese organized crime groups sell fake memory sticks and cards on Ebay. Also, there was an aricle on here about how some nation state sponsored attack groups were using spinning disk firmware to remote access machines all over the globe already more than 10 years ago. From some of the most common GPU's used there are projects to reverse engineer drivers, but most of them have limited functionality. etnaviv appears to be the most advanced of these, and it is what Purism are using for their Librem 5 phone and it is running a NXP® i.MX 8M for which they have achieved upstream kernel support. It should probably work for your purposes and you can already by the dev board (for the upcoming phone). I believe the Le Potato can also boot without any blob but uses Mali for graphics.
User avatar
pylkko
 
Posts: 1520
Joined: 2014-11-06 19:02

Re: Please suggest completely open source ARM board with A53

Postby romankqsok » 2019-02-10 07:17

As for avoiding boot trojan on librebooted X86 I can boot from ROM GRUB, very old CD-ROM (20 years) old or from a floppy disk. As I know floppies even do not use any firmware at all, they are completely managed by software driver like a linux floppy module. Though I am not sure if Libreboot can direct execution to a boot sector of a floppy like general BIOS can do.

If a HDD is not used for boot, then how can its firmware influence on computer security except undesirable data change or lost? If using ZFS over dmcrypted HDD will it well track consistency of my data and make firmware not able to access my encrypted data?

X86 is too closed architecture in terms of its internal realization while ARM is more open, RISC command system has less commands, the whole thing is easier than X86 black box.

I think ARM is popular enough now to get support on forums and boot into OpenBSD, and I am not sure it is true for RISC-V cpu.

I do not need 3D or any acceleration on a secure console box, a text mode or slow X11 is enough for work. I prefer to disable all firmware and microcode updates, non-free packages and boot from a secure place like ROM, FDD or old CDROM. Another good thing about ARM it does not have a microcode update which is generally needed to update a X86 blackbox.
romankqsok
 
Posts: 22
Joined: 2019-01-06 15:04


Next

Return to Offtopic

Who is online

Users browsing this forum: No registered users and 9 guests

fashionable