[GLLUG] Linux on Power8

John Edwards john at cornerstonelinux.co.uk
Thu Jun 23 13:27:53 UTC 2016


Hi

On Thu, Jun 23, 2016 at 01:16:48PM +0100, dennis--- via GLLUG wrote:
> Can anyone comment about running a Linux desktop environment such as
> Debian or Ubuntu on the Power 8 architecture? Supposedly there's a
> Debian port, but I'd like to know of any possible pitfalls from
> someone who has actually tried it before splashing out a few grand on
> a board.

I can't answer on that question, beyond that Ubuntu support for POWER
CPUs is not great (available but officially unsupported) so I would
look at Debian first. Looking at the Debian websites or asking on a
Debian mailing list will probably get you better information than here
because POWER is very much a niche architecture - especially since
Apple moved to Intel CPUs.


> The reason I ask is that I'm concerned about Intel's so called
> management engine (ME), which I understand to be some sort of hardware
> root kit integrated into every recent Intel chip set that can't be
> overridden or disabled by the host OS, runs its own operating system
> and network stack, and has out of band access to all memory and
> peripherals (e.g., wireless, bluetooth, disk controllers, etc.).
<snip> 

If used correctly it's as much a "rootkit" as any other proprietary
out-of-band management system such as IPMI or iLO:
	https://en.wikipedia.org/wiki/Intel_Management_Engine
	https://en.wikipedia.org/wiki/Out-of-band_management

These are very useful on servers and other systems which need remote
management independent of the Operating System, and so the Operating
System does not have full control over them.

I've not used the Intel AMT, but have used other systems such as IPMI,
iLO (HP) and DRAC (Dell). They have been around for many years.

The main problem is when people leave these systems open to attack
from untrusted networks, usually through just not knowing they exist.
Even a basic network firewall will block incoming traffic. As for
outgoing traffic to Intel or a "spooky" third party, I have not seen
any evidence for that (but then again I probably don't have the
expertise to find that evidence).

The fact that they usually use closed source software, and security
updates are slow to be released and not widely applied, means that
some people do not trust them:
	https://www.fsf.org/blogs/community/active-management-technology

Also, not all machines have an option to disable AMT or IME in the
BIOS, or have it enabled by default, which means that more machines are
the potential aims for an attack if one was developed.

But overall I think there were enough scary things in the Snowden
revelations, such as persistent compromises of firmware in RAID cards and
hard drives, before we need to invent more without good evidence.


-- 
#---------------------------------------------------------#
|    John Edwards   Email: john at cornerstonelinux.co.uk    |
#---------------------------------------------------------#