Started by Qobi, October 12, 2021, 10:25:14 PM

I have some questions regarding the security of Olimex hardware in comparison to other products like the hardware recommended by QubesOS. What are some of the differences between using an x86 Intel based system and an ARM NXP/Allwinner system in terms of security?

x86 Intel CPUs have the IntelME RTOS in them which is neutralized/neutered by flashing the SPI chip on the motherboard. Also they flash the board with the heads/coreboot firmware instead of using the default UEFI/BIOS and they use a linux bootloader. Also, they use a TPM for a hardware root of trust. Unfortunately they use peripherals, internal keyboard and trackpad, which are untrusted and connected to the embedded controller.

Would using an Olimex product like the Teres-I provide for better security from a peripheral device standpoint?

Are there closed source Mali GPU firmware, drivers in the Teres-I?

Can you install Qubes on the Teres-I?



The security question is hard to answer, it is both too abstract and too broad to be answered in one response. Yet, I believe x86 is somehow more vulnerable since it is old and well-known, widespread platform, while ARM is the new kid on the block and people that are knowledgeable enough to exploit it are fewer.

One thing I remember for sure is that the A64 chip, being Cortex-A53 was immune to Spectre and Meltdown exploits.

> Are there closed source Mali GPU firmware, drivers in the Teres-I?

In the official recommended image - yes. We want to demonstrate the hardware capabilities of the unit with the official images. But there are unofficial images without closed source drivers that can be used. Also it is open source software and open source hardware machine - you can use what you have available to make own images with or without drivers and features.

> Can you install Qubes on the Teres-I?

Everything is possible, if there is nothing done already some operating systems might require a lot of knowledge and effort for a single person to get everything working. My advice is to check if Qubes had been tested on Allwinner A64 chip. Can Qubes be installed on Allwinner A64 (ARM Cortex-A53)? Maybe ask the Qubes team.
Thank you for this answer. Where would I find the unofficial images with open source Mali GPU drivers? Could you provide a link or direction? The open source drivers, do they have similar performance to the closed source ones? For example, Linux has open source nouveau drivers for Nvidia GPU, but the closed sourced drivers tend to have better performance. I hope this makes sense.



I can't provide links for unofficial images but I've seen such in this forum. Also Google is your friend.

Open source video drivers lack hardware acceleration which puts more strain on the CPU and some videos and applications might feel sluggish. The closed source ones behave better but you are usually stuck with older kernel and images.
On the olimex.com you will find mostly the official images (older kernel, all hw support).
If you look in this forum in the Teres area you will find for example Armbian:
where mainline kernel is used.

Also Gentoo, Nixos as well as Debian are mentioned in various posts. For debianon see https://wiki.debian.org/InstallingDebianOn/Olimex/Teres-I.