marcan changed the topic of #asahi to: Asahi Linux: porting Linux to Apple Silicon macs | General project discussion | GitHub: https://alx.sh/g | Wiki: https://alx.sh/w | Topics: #asahi-dev #asahi-re #asahi-gpu #asahi-offtopic | Keep things on topic | Logs: https://alx.sh/l/asahi
<milo>
Just out of curiosity, what's to stop apple from killing all but the most basic ARM instructions, and yanking GPU access for non-signed/sanctioned code (after all, aren't there instructions used for indirect access to remote memory and pre-fetch remote memory into the GPU cache)?
<milo>
It seems like ARM provides a nice environment for "locking off" certain instructions, and Apple seems like they would take advantage of this.
<milo>
Sorry if this is a bit of an absurd question.
<tpw_rules>
what is the hardware mechanism they would use to do this?
riker77_ has joined #asahi
riker77 has quit [Ping timeout: 240 seconds]
riker77_ is now known as riker77
<tpw_rules>
unlike on x86 CPUs with SMM, i don't believe apple uses trustzone so there's none of their code running on the main CPU once linux is booted
<tpw_rules>
i could be wrong
<milo>
oh, got it. I thought apple was going to do something like that. I just thought that since they have complete control over the chipfab, they could have some of their proprietary code flip some sort of chicken-bit or something that doesn't allow certain instructions through. I assume if they did this, enough reverse engineering could fix this however.
<tpw_rules>
why on earth would they do that?
<milo>
I have absolutely no idea whatsoever. Again, sorry for the absurd question :|
<tpw_rules>
i mean it would be very easy to make the hardware not allow those bits to be un-set. but what could they possibly gain by doing that? why are there so many weird conspiracy theories about apple doing all this hard work to build this bridge to unsigned OSes then shouting "LOLOLOLOL" and burning it down
<milo>
true, true
<JTL>
tpw_rules: I think some people are cynical given how much iDevices are otherwise locked down
<JTL>
and I could be wrong, but it was unclear before M1 release how much "control" you'd have over the hardware sans exploits.
<JTL>
iirc
<tpw_rules>
idk in my head the fact that they're doing anything to open it up is evidence that they want it. they've had a decade to practice locking down and keeping out and here they just said "yeah sure come on in"
<tpw_rules>
i suppose you could draw parallels with sony and otheros regarding crippling the hardware on the way into loading unsigned code, but they had a very clear (if arguably misguided) motivation which was the prevention of piracy
<milo>
that doesn't explain the whole sony rootkit fiasco :D
<milo>
oh wait, sorry, I read that wrong
milo has quit [Quit: milo]
<tpw_rules>
yes it does. they wanted to prevent piracy still
phiologe_ has joined #asahi
isacc has joined #asahi
isacc is now known as milo
phiologe_ has quit [Ping timeout: 260 seconds]
<opticron>
tpw_rules, sony screwing with the camera when unlocking the bootloader on the z3c/aries is the one that got me
<JTL>
Sony hates their customers.
<opticron>
I've just about completely sworn off sony after all their shenanigans
<opticron>
I may eventually buy a ps5, but I'm pretty hesitant
milo has quit [Quit: milo]
* JTL
hasn't bought any Sony products for the past decade.
<sven>
fwiw, apple probably spent a significant amount of engineering time to build this security model *with* the possibility to do kmutil configure-boot and run our own kernels
<sven>
it would be very very strange if they suddenly decided to remove that again
assusdan[m] has joined #asahi
ts170[m] has joined #asahi
<sven>
and because they have this secure enclave/SEP/however-it's-called-these-days they can just lock the keys for their DRM schemes in there before booting an untrusted kernel
<dottedmag>
We are talking about a company that has a decision-making process that produced Escape-less keyboard for Pro laptop. Down the road someone inside might decide that untrusted kernels are not such a great idea after all.
<dottedmag>
And suddenly booting into macOS might update second-stage loader and prevent unsigned code from running.
phiologe_ has joined #asahi
phiologe_ has quit [Ping timeout: 256 seconds]
<Fanfwe>
Reminds me of an old story featuring Sony and PS3 consoles :)
<winocm>
you can still dual boot the older OSes you know
furkan has quit [Ping timeout: 246 seconds]
<dhewg>
removing features at a later point is a legal risk, users can sue as that feature could have been a buying decision
<dhewg>
so the enabling of booting unsigned kernels is likely well thought through
<JTL>
No one got OtherOS back officially after removal, just a settlement check.
<JTL>
:/
<winocm>
it was explicitly mentioned in a presentation in WWDC last year.
<dhewg>
yeah, but why risk that? they could've just not enabled that in the first place
<dottedmag>
Quoting myself: "Down the road someone inside might decide that untrusted kernels are not such a great idea after all."
<dottedmag>
It's the problem of ceding (or not gaining) control to somebody else, whose incentives are not aligned.
<dottedmag>
So okay, there is a risk. "Read news before booting macOS, or never connect it to Internet" seems to be an OK compromise for getting good hardware to run Linux.
<marcan>
dottedmag: your argument is "you shouldn't trust apple because they're apple"
<marcan>
Microsoft could push a Surface update at any time to prevent unsigned code from running
<winocm>
At that point, why trust anything?
<marcan>
any motherboard vendor whose windows cloud-connected bullshit you have installed could push a UEFI update at any time to prevent unsigned code from running
<marcan>
Google could push an update to its Pixel devices at any time to prevent unsigned code from running
<winocm>
someone could sneak some bad code into an open source repository too and if no one noticed...
<marcan>
everyone bringing this argument up either does not realize this, or thinks Apple is somehow More Evil than every other company and thus more likely to do this
<marcan>
and yet Apple has never, not once, locked down Macs
<marcan>
so, sorry, but I do not buy this argument
<marcan>
:)
<marcan>
*once* a company shows bad faith with a previously open system (see: sony), then you can start being cynical about them
<marcan>
until then, it's all just fear mongering
<marcan>
because *every* company *can* do this, in practice
<TheJollyRoger>
Hear hear.
<TheJollyRoger>
I wish that more people in the open source/security/privacy community had a more tempered worldview like this, since so much of the self-defeating power user mentality and the products that cater to it works off that kind of fearmongering.
<marcan>
there is very little objective thinking, and a lot of cargo culting, in the open/free software ecosystem when it comes to these discussions these days
<winocm>
Unfortunately, sensationalism and appeal to emotion are stronger than logic and rational thought itself
<marcan>
the FSF is a big part of the problem too
<marcan>
because none of the FSF's policies these days are even remotely objective or actually attempting to maximize user freedom
<TheJollyRoger>
Hey um... marcan, I uh... I wanted to say thank you for the mention on Twitter on the debugging cable, I'm really honoured!
<marcan>
but they build these bizarre narratives about what's "good" and "bad" and everything they say is "bad" is like morally fundamentally deeply bad according to them
<marcan>
and then nobody bothers to think back to why stallman started the free software movement
<marcan>
... he did it because he couldn't make this proprietary printer driver do what he wanted
<TheJollyRoger>
I don't have any more cases at this moment but... but if you're OK with me using non-free modelling software to produce a model, I can also produce and send .STP files for cases for debugging cables if you like which would be compatible with most 3D printing software.
<marcan>
it wasn't any Freedom™ bullshit, he just wanted to patch his printer driver
<marcan>
and yet now here we are, having philosophical discussions instead of looking at what maximizes user choice, and user power
<TheJollyRoger>
All I need to know is the exact size of what kind of stuff, PCBs, and wires are going into them.
<marcan>
every time Asahi Linux comes up on reddit/HN/whatever, half the threads are "this is Evil because it's not an Open Platform and you should go support System76/Raptor/Purism" (lol Purism)
* TheJollyRoger
cackles.
<marcan>
all those people forget that having the *choice* to install Linux on a device is a *good thing*
<marcan>
but that's the FSF mentality
<marcan>
the FSF believes having the *choice* to update a proprietary blob is fundamentally immoral
<marcan>
and will only certify devices where proprietary blobs are immutable
<marcan>
it's bass-ackwards
<marcan>
but here we are :)
* TheJollyRoger
groans.
<winocm>
Aren’t there certain contractual obligations and legal requirements that people have to follow that lead to this binary blob and DRM nonsense too?
<marcan>
what do you mean?
<winocm>
like, the use of HDCP in a BluRay player
<TheJollyRoger>
I kind of wonder if they would look the other way if I put a Windows NT kernel into a ROM chip, got the computer to boot from that, and called it "bootROM".
<winocm>
or patent encumbered memory training blobs
<marcan>
winocm: that's part of it, but there are ways around that of course
<winocm>
it would be nicer if this wasn’t such a terrible mess in the first place but such is bureaucracy:(
<marcan>
TheJollyRoger: strictly speaking I could build a computer with an nvidia GPU, a fancy UEFI that locked off a CPU core and ran the nvidia blob driver on it, with a documented IPC interface to issue OpenGL calls across to that core, stick it all into a permanently write protected flash chip, call it an Open System, and it would pass all of the FSF's guidelines to the letter
* TheJollyRoger
gulps.
<marcan>
and Purism did the moral equivalent of this to get their device with proprietary RAM training blob certified
<marcan>
they actually engineered this exact idea
<marcan>
adding cost and wasting engineering hours
<TheJollyRoger>
I'll... I'll take that as 'that's confirmed' then. o.O.
<marcan>
just so they could get the FSF rubber stamp *and the FSF agreed it was the way to go*
<TheJollyRoger>
Shiver me timbers >_<
<TheJollyRoger>
Uncomfortable question arises of what happens when they need to update the firmware on the SoC and modem later due to a security issue, and can't simply roll out a new OTA.
<TheJollyRoger>
I... I guess nobody thought of that.
<marcan>
I'm sure people at the FSF thought of that
<marcan>
they just don't care :)
* TheJollyRoger
snorts rum out his nose.
<marcan>
the FSF's ideals come from an era where firmware didn't exist, and there was a clear bright line between software and hardware, and open hardware wasn't even remotely a thing anyway
<marcan>
that's all obsolete now
<marcan>
but they still try to push through like their absolutes make sense
<TheJollyRoger>
Sheesh.
<marcan>
I've said it before, open platforms don't exist
<marcan>
if your OS is open, what about your boot firmware?
<marcan>
if your boot firmware is open, what about your boot ROM?
<marcan>
if your boot ROM is open, what about your HDL?
<marcan>
If your HDL is open, what about your standard cell library?
<marcan>
If your standard cell library is open, what about your fab process?
<marcan>
If your fab process is open, what about the synthesis process for the required process chemicals?
<marcan>
if your process chemical synthesis is open, what about the raw material extraction?
<marcan>
once we get all the way there, maybe we'll be able to claim True Freedom
<bkero>
Define open when applied to raw mineral extraction
<marcan>
until then, all people are doing are drawing arbitrary squiggly lines shaped just right so they can claim to be More Free than the next guy
<marcan>
and none of this is relevant to users
<marcan>
and worse, it pushes things over across the line to being less free
<marcan>
because those lines give you a convenient carpet to shove things under
<marcan>
and in the end we end up with wasted time, money, and less user freedom
* TheJollyRoger
starts drowning his sorrows.
<dhewg>
i remember the purism story, what blob did they shove into firmware?
<marcan>
RAM training
<TheJollyRoger>
Well...
<marcan>
there are 3 CPUs involved
<dhewg>
it was more than that, right?
<marcan>
main CPU, some side core, and the microcontroller in the DDR PHY
<marcan>
normally, the main CPU dumps that firmware into the DDR PHY, hits the run bit, and that's that
<marcan>
but that wouldn't pass FSF certification, because you can't put that blob into your OS image, that would be a blob
<marcan>
so they added an external flash *just for the blob*
<marcan>
but that still wouldn't pass FSF certification, because if the main CPU loads the blob from external flash and into the DDR PHY, the main CPU gets digital cooties since it touched the bits of a blob (even if it didn't *run* it)
<marcan>
so instead they wrote a stub loader for a side core that happened to be in the SoC
<marcan>
main CPU bootstraps some open side loader into the side CPU
<marcan>
side CPU loads blob from flash, into DDR PHY, hits run bit
<marcan>
woohoo, now it's an Open System!
<marcan>
never mind that now you can't even easily update the blob, or even see it to reverse engineer it to make sure the DDR PHY (which obviously has R/W access to all your data) isn't backdoored by the NSA
<TheJollyRoger>
Good gravy. It's even worse than I thought it was.
<marcan>
it's Open™
<marcan>
Respects Your Freedom™
<marcan>
I said this was dumb and less free on Twitter and a Purism guy argued with me it wasn't because
<marcan>
1) you *could* just throw this all away, ignore the flash, and stick the blob into u-boot in your own OS build like a normal person (yes, yes you could... so your argument is end-users can ignore your waste of time and money and do things the sane way, right)
<TheJollyRoger>
I thought that it required a signed and verified precompiled firmware binary for the GPU on the SoC and for the modem, but this is way worse.
<marcan>
and 2) the flash was used for the USB-PD firmware too anyway so it wasn't added cost (yes... because you got lucky; that PD controller did not exist in the hardware versions the FSF Anti-Cooties System was developed for, it got added later and reused the same flash)
raster has joined #asahi
raster has quit [Remote host closed the connection]
<marcan>
TheJollyRoger: there are other blobs; the FSF position is that as long as they're in external flash not touched by the main CPU it's ok
<marcan>
the PD controller has a blob, the modem has a blob
raster has joined #asahi
<marcan>
what Purism did was build something analogous to that for the RAM training blob
<marcan>
anyway, sorry for the diatribe; I'm just a bit burned out of the Freedom™ crowd
furkan has joined #asahi
<bylaws>
Couldn't they also have just REd the blob and rewritten it?
<marcan>
at least for Asahi Linux Apple loads all the firmware for us except wi-fi, so FSF converts can rest assured buying an M1 Mac is just as free as buying any other random PC off the shelf, as long as they choose not to use the wi-fi :)
<bylaws>
That's what we did on switch
<TheJollyRoger>
I... I can definitely see why. We get a few of those super toxic self-defeating privacy enthusiasts over at my home channel and they're aggravating.
<marcan>
bylaws: yes, but 1) they probably don't know how to do that, and 2) that would probably violate whatever license they got the blob under
<bylaws>
Ah of course, don't wanna do that when they're the ones supplying the parts
<dhewg>
oh, that was you on the switch? i remember us extracting some binary dd4 ram training binary, embedding that into coreboot and hoping for the best while blindly jumping into that blob
<marcan>
incidentally, that Purism device has the ~same PD controller as the Macs :)
<marcan>
dhewg: the training binary came from the Chromebook Pixel
<marcan>
that was the only place you could find it :D
<TheJollyRoger>
Wow.
<marcan>
it's in their factory images
<dhewg>
ah, right
<marcan>
apparently Google couldn't get that bit open sourced, it's IIRC the *only* bit of main-cpu code in the entire Chromebook Pixel that isn't OSS
<marcan>
so that gives you an idea of just how stupid the bureaucracy around that PHY stuff is
<marcan>
but Google does have the code of course
<marcan>
so they built it as a blob you just jump into and it trains the RAM and returns with some info structures
<marcan>
and just made their bootloader capable of loading it from a file/thing in the firmware image and run it
<marcan>
but the only place you can actually *get* it from is their factory images
<marcan>
nobody redistributes the blob alone as necessary for the build process
<marcan>
er sorry, Pixel C was it?
<marcan>
I keep mixing devices up
<marcan>
yeah, Pixel C
<marcan>
Chromebook Pixel was intel
<marcan>
C P, P C...
<marcan>
oh right, the Pixel C was *originally* supposed to run chromeos
<marcan>
but then somehow became android
<marcan>
hence why it's so open, because the chromeos team cares about this stuff, the android team does not
<marcan>
:)
<TheJollyRoger>
Woah.
<bylaws>
dhewg: oh no not me
furkan has quit [Read error: Connection reset by peer]
<bylaws>
Hekate dev
<bylaws>
He reverse engineered the HOS blob and created an oss version
<marcan>
that seems.... silly
<dhewg>
hm ok, that was a little after we stopped messing with the switch
<marcan>
why reverse engineer the HOS blob, which came from a non-redistributable source
<marcan>
instead of the Pixel C blob, which does
<bylaws>
Which we use in android, coreboot etc now
<marcan>
that's unnecessary exposure
furkan has joined #asahi
<bylaws>
<marcan "instead of the Pixel C blob, whi"> Because pixel C is fairly out of date
<marcan>
they are the same blob
<bylaws>
There are a lot of MTC versions
<marcan>
sure but the pixel c one worked on the switch IIRC?
<bylaws>
HOS has a much newer version with a lot of fixes for better performance
<marcan>
lol
<dhewg>
oh haha
<dhewg>
but anyway, reversing and/or writing ddr ram training code is a clusterfuck and involves black magic and massive amounts of pain, so props to anyone digging through that
<bylaws>
Yeah it's amazing work
<marcan>
well reversing it is "just work"
<marcan>
but the result isn't reeally legal
<marcan>
cleanrooming that would be quite a feat, but nobody has done that yet
<marcan>
I wouldn't ship any open source software built with that RE'd blob
<marcan>
it would actually be much less legal exposure to ship the google blob as-is
<bylaws>
Yeah, it may not be fully but it really doesn't matter
<marcan>
it matters to me
<bylaws>
Well to us at least
<marcan>
and this "it doesn't matter" attitude is why I can't just go taking code from random iOS-related RE projects
<dhewg>
there are SBCs which have open source ddr ram training code in u-boot, but i don't know its origin
<marcan>
dhewg: the POWER stuff (e.g. the Raptor machines) have open DDR4 training code, it's on their git
<marcan>
it varies by soc
<marcan>
but it seems things got really bad with DDR4 and especially LPDDR4
<bylaws>
Besides literally the entire android port is using going against the shield blob license and that won't be changing
<marcan>
different projects might care more/less about this things
<marcan>
but there's a reason I wrote alx.sh/re
<bylaws>
Yup, I'm aware
<marcan>
*these
<marcan>
sometimes you *have* to do binary RE, or do certain things one way because otherwise the hardware won't run
<marcan>
but then, you need to at least attempt to understand it so that you can *prove* what is necessary and what is not
<marcan>
because if you include unnecessary stuff, then that's grounds for losing on any copyright defense
<marcan>
I spent 5 hours on that last stream, but now I can say my code *knows* what it does, does *less* than the corellium code, and what it does fixes real bugs and issues with the chips
<marcan>
I would never ship something like what corellium shipped there :)
<marcan>
I'm 99% sure parts of that are just copyright violations of the macOS startup sequence that have nothing to do with fixing CPU bugs
<dhewg>
magic numbers all over the place, that's clearly not REed at all!!1
<marcan>
that 0x2020a505f020f0f0 business in particular stinks of being related to APRR or something related
<marcan>
I'm not going to throw it in until I can prove it fixes a problem, and if it does I'll reverse engineer exactly what those bits do and document it
<marcan>
(if apple doesn't open source it in xnu first that is)
<marcan>
those don't look like chicken bits, they look like a proprietary CPU feature register containing a table of access permissions or similar
<marcan>
that part of the code isn't even in the chicken bits section of macOS
<marcan>
but you wouldn't know it from the corellium file because they just copied a larger chunk of the startup sequence than just the chicken bits routine
<marcan>
they also copied pointer auth init stuff
<marcan>
which again, is completely unnecessary unless you use apple proprietary pointer auth features
<marcan>
and they could've known this by cross-referencing with public xnu code like I did :)
<j`ey>
marcan: im glad you re-did that chicken bit stuff, for the above reasons!
hspak has quit [Quit: Ping timeout (120 seconds)]
hspak has joined #asahi
<jn__>
a few lines of commented C code is so much nicer to read than that long instruction sequence
el1x has joined #asahi
<dottedmag>
marcan: My argument was "be mindful of this". This equally applies to UEFI updates by any other company. And yes, dual-booting Windows on UEFI PC is the same kind of risk.
<dottedmag>
But yeah, it was silly of me. Apple had, how much, 14 years to do anything like this since they moved to x86? The track record is fine. iOS devices are a completely different line of products.
<jn__>
marcan: currently some pages are missing from the docs wiki's side bar. what's the style/convention/policy for maintaining the sidebar?
<marcan>
jn__: no particular policy, more that the sidebar should contain useful stuff, and then maybe some index pages with more info?
<marcan>
feel free to propose/just do something about it
<jn__>
alright
<marcan>
just making it a page list wouldn't be useful of course, github already does that for us
<marcan>
but more like a sensible list of handy pages or entry points
<jn__>
hmm, not sure how to include AIC and/or ARM System Registers, i suppose a summary page for in-SoC hardware would be good
ephe_meral has quit [Ping timeout: 240 seconds]
ephe_meral has joined #asahi
<jn__>
another thing: What's DART?
<j`ey>
IOMMU type thing
furkan has quit [Ping timeout: 260 seconds]
phiologe_ has joined #asahi
vimal has quit [Remote host closed the connection]
ephe_meral has quit [Ping timeout: 246 seconds]
raster has quit [Quit: Gettin' stinky!]
raster has joined #asahi
phiologe_ has quit [Ping timeout: 240 seconds]
phiologe_ has joined #asahi
raster has quit [Quit: Gettin' stinky!]
raster has joined #asahi
phiologe_ has quit [Ping timeout: 240 seconds]
ephe_meral has joined #asahi
raster has quit [Quit: Gettin' stinky!]
raster has joined #asahi
<marcan>
Device Address Resolution Table IIRC
<marcan>
term comes from ppc-era macs
<marcan>
it's an IOMMU
<marcan>
jn__: yeah there should be a hardware index page