There are two schools of thought regarding computers: complex instruction sets that run at a given speed, or reduced instruction sets that - because of the simpler design - are able to run much faster. CISC vs. RISC. They both had their pluses and minuses, but in the marketplace CISC won out.
Now, it seems that RISC is back - for a very good reason. From manufacturer Raptor Computing Systems:
Q: Why POWER9? Why not just package a cheap ARM SoC or x86 processor on a libre-friendly mainboard?
A: As you may be aware, both of the main x86 manufacturers have decided to require non-free, unreplaceable, highly privileged firmware "black boxes" (blobs) in order for their CPUs to function. These blobs are cryptographically signed and verified by the CPU hardware; as such, there is no way to replace them or remove them. Because of their tight integration with basic system operation, even a complete mainboard redesign will not remove them. Worse, public hacks into this system management firmware have already been demonstrated on at least one occasion--and are unpatchable without full vendor cooperation. As a result, some developers have turned to ARM, only to find that ARM does not have the computing power required for many development tasks. ARM-based machines also tend to lack upgradability and expandability, and, unfortunately, ARM is going through its own gradual lockdown regarding higher-performance devices. POWER9 does not have any of these concerns, and brings a wide array of modern technologies to the table without requiring you to give up any of your freedom.
When you look at the complete price of a comparable build-it-yourself x86 bundle--even though POWER9 has state-of-the-art technologies, like PCIe 4 and CAPI 2, that no x86 machine offers--the Talos™ II bundles are similar in cost. Why lock yourself into the proprietary, insecure x86 ecosystem with hacks on the rise and GDPR-related data breach penalties on the horizon? Make the smart decision and invest in a truly open platform, even if it means relying on open-source applications--your lower TCO and provable compliance will justify the initial investment.
Q: Wait, so even coreboot won't help me? Why haven't I heard about this?
A: The management firmware in question--the "Management Engine" (ME) on Intel and the "Platform Security Processor" (PSP) on AMD--is a somewhat poorly kept secret, but only a small percentage of users, executives, and organizations are aware of its existence, let alone the danger that the associated centralized control actually poses. Coreboot is unable to boot modern x86 without at least two blobs involved, one of which is mandatory per the hardware-enforced signature checks; while coreboot may be a step in the right direction, it is far from a fully auditable solution on x86. Unfortunately, this situation is permanent, given the current hardware available; it is one of the main reasons for our switch from x86 to OpenPOWER.
Very interesting - big fan of Linux. Had no idea that there was such an embedded back door. Microsoft used to compile Windows for RISC machines - notably DEC Power PCs - but stopped with Windows XP or thereabouts. Linux runs fine on these.