3.2 Linux Coreboot Laptop Options

In the last section, we explained why it is important to get a laptop with the Coreboot Startup program rather than the UEFI startup program. Unfortunately, there are very few computer companies producing computers with Coreboot. For example, a company called Minifree produces the only computer certified by the Free Software Foundation. It is a 12 inch laptop that costs about $600 and uses an offshoot of Coreboot called Libreboot. They also sell a 14 inch model for $900. However, these supposedly “state of the art” computers are actually 2008 Lenovo Thinkpads with some minor alterations. Equally bad, neither of these computers has a wide enough screen to allow side by side editing. In fact, the screen resolution on these two computers is only 1280 x 800. Side by side editing requires at least a 14 inch high-resolution 1920 x 1080 screen if you want to have a browser and document open at the same time on your desktop.

Here is the screen difference between a 15 ½ inch screen and a 13 inch screen. Note that these screens are measured on the diagonal. The actual width of these screens is about one and one half inches less. In other words, the 15 ½ inch screen is 14 inches wide and the 11 ½ inch screen is only 10 inches wide:


There is only one laptop with a 15 ½ inch screen, Coreboot and a full Linux operating system pre-installed. It is the Purism Librem 15. The Librem 15 comes with a version of the Linux Debian operating system called PureOS. This is a good operating system. But it is not as easy to use as the Linux Mint operating system. If you want a laptop that offers security, privacy and safety and is also easy to use, the only way to get it is to get a Librem 15 and replace PureOS with Linux Mint.

In the past, the easiest way to create your own Linux computer was to convert any Windows 7 computer made between 2009 and 2012. The five steps are to put all of your documents on a jump drive, then download Linux Mint and create a Linux Mint Live USB stick. Then set the BIOS of the computer to boot from a USB. Then start the computer with the Live USB Stick in place. Linux Mint will replace Windows. Add back your documents to the Mint File Manager and you are free! You can also replace Windows with Linux Mint on a UEFI computer. But you still have the UEFI backdoor and there is no way to remove it on a UEFI computer.

The least expensive option is to purchase a Pinebook Pro laptop and use U-boot. This option is $200. However, you might have to wait several months to get a Pinebook Pro. Also, by default, Pinebook Pro laptops come with an eMMC hard drive. Thankfully, these are NOT soldered in place. They are removable and can be replaced with an NVMe hard drive for about $100. The eMMC drive that comes with the Pinebook Pro is functional for most things. But if you are going to be manipulating larger files (such as writing a 400 page book or editing a video), then you definitely want to upgrade to a better hard drive.

Why The Pinebook Pro is a Revolution in Computer Technology

The Pinebook Pro may be the most important new computer ever introduced. Historically, full sized, fully functioning laptops with high resolution screens have cost more than $1000. Adding commercial software often doubled this price. This high price put fully functioning laptops outside the range of most low income parents and cash starved school districts to purchase for their students.

The Pinebook Pro has a retail price of $200 and comes with a 64 GB removable eMMC drive. It can be upgraded to a 256 GB Solid State Drive for $100. This puts its retail price with a large hard drive at $300, making it much more affordable for parents and schools than any fully functioning laptop ever.

 

Why a High Speed Processor is not needed on the Pinebook Pro

One reason the Pinebook Pro is so inexpensive is that it uses a System on a Chip ARM processor. ARM processors are not very fast. This is not actually a very big problem. No matter how fast your processor is, your computer is limited by its slowest component, which is almost always the hard drive. Even the fastest hard drive is extremely slow when compared to your processor. The bigger your operating system and other programs are, the worse this problem of a slow hard drive becomes. Traditional hard drives, aka HDDs, are limited by the fact that they are made up of physical, moving parts. eMMC drives are also relatively slow. By sharp contrast, Solid State Drives or SSDs have no moving parts. This allows them to be dramatically faster than HDDs even though SSDs use half the power of HDDs. Even the slowest SSD is about 50 times faster than the fastest HDD. A Solid State Drive is smaller, faster and more durable (shock resistant) than a traditional spinning hard drive:


To determine the speed of your computer system, you also have to consider the operating system that is driving the application or end program. Since the Linux operating system is one third the size of the Windows operating system, it loads any application 3 times faster than the Windows operating system.

January 2, 2018, Update: All Intel Processors subject to the Meltdown and Spectre Backdoors

On January 2, 2018, the Register news website broke the hugely important story that every Intel processor made during the past 10 years has two security flaws and that the patch for these flaws will slow down every Intel computer in the world by 10 to 30 percent. These flaws are called Meltdown and Spectre.
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/


A partial patch for one of these problems, based on a plan called Kaiser, was issued for all Linux computers on December 23, 2017. While Microsoft intended to issue a patch on January 9, 2018, a firestorm of protest caused them to issue an emergency patch on January 3, 2018. Keep in mind that folks are already complaining about the slowness of Windows 10. Imagine what will happen when these already slow computers are slowed down by another 10 to 30 percent. Suddenly, the speed advantage that Linux has over Windows is going to become huge. Think of Linux as a race car capable of going 120 miles per hour and Windows as a giant truck not able to go more than 40 miles per hour.

The Spectre Meltdown problem is the third major backdoor we have discussed in our book. First, we covered the Windows Operating System backdoor, which goes through holes in the Windows web browser. Second, we reviewed the Microsoft Kill Switch which uses design flaws in the UEFI Startup program. Now we will briefly discuss the design problems of Intel processors.

The reason we need to discuss these newly announced design flaws of Intel Processors is that we just spent this entire section recommending Intel processors. Readers will want to know why we are recommending Intel processors when they have such serious flaws. There are two reasons. First, the flaws are much more serious for Windows computers than for Linux computers. Second, there are no models of Chromebooks using high resolution 15 inch screens that use Coreboot and also use a processor made by a company other than Intel. We are certain that as bad as the Meltdown and Spectre problems are, the danger of UEFI, which can remotely turn your computer into a brick in a matter of seconds, is much worse than the dangers presented by Meltdown and Spectre.

The Meltdown and Spectre problems were discovered in April 2017 by a 22 year old researcher named Jann Horn with Google Project Zero. You can read the research reports about these two problems at the following link:
https://meltdownattack.com/

But there is a much deeper danger we need to understand. At the root of the Intel processor problem is something that Intel calls “Speculative Calls.” This is where the name of one of the backdoors, Spectre, comes from. Spectre takes advantage of a flaw in Speculative Calls. In plain English, a speculative call is the Intel processor trying to “guess” what program you will try to load next on your computer and then “preloading” the program even before you ask your computer to load it. Preloading the program will make your computer appear to be faster than it really is. But the problem is that hackers can use these same speculative calls to gain access to all of your passwords.

On January 3, 2018, Linus Torvalds, the lead programmer for the Linux Foundation, criticized the entire process of speculative calls: “Avoid speculative indirect calls in kernel...Any speculative indirect calls in the kernel can be tricked to execute any kernel code, which may allow side channel attacks that can leak arbitrary kernel data. Why is this all done?... A competent CPU engineer would fix this by making sure speculation doesn't happen.”

How could Intel Make Such a Terrible Decision?

In hindsight, the security problems with trying to preload programs all seem obvious. But we need to ask ourselves why Intel felt compelled to use preloading or speculative calls in the first place. The answer, as we have been complaining about for years, is Microsoft's severely bloated code. Both Windows and MS Office are so bloated that they take forever to load. So Intel has been trying to help Microsoft speed up by “preloading” these bloated Windows programs. Thus, we should not blame Intel. We should blame Microsoft for continuing to force such bad code on the rest of us. What we as computer users must face are the consequences of allowing Microsoft to pass off such bad code.

Why has Microsoft been allowed to pass off such bloated code for so many years?

The answer to this question is easy. The US Government is so corrupt that even though three different federal judges found Microsoft guilty of violating the Sherman AntiTrust Act, the US Government has allowed the Microsoft Monopoly to continue. Meanwhile, the situation has gotten so bad that it would cost Microsoft billions of dollars to clean up the bad code in Windows and MS Office. Even worse, cleaning up this code would likely require “breaking” all current Windows computers – meaning the end of the Microsoft Monopoly. What Microsoft really needs to do is throw in the towel and simply tell people to use the Linux operating system with LibreOffice. In short, as long as we as people continue to allow monopolies like Microsoft to exist, we will continue to be stuck with bloated code and force chip makers like Intel to take dangerous short cuts such as preloading to hide the fact that the code is bloated.

Why Linux is Less Affected by Meltdown and Spectre

Because Linux and LibreOffice are both much cleaner code, there is less need for preloading. They are also less affected by the Kaiser patch because they were already very fast programs. Thus, slowing down Linux and/or LibreOffice will still result in them running much faster than Windows or MS Office.

How Much Does the Kaiser Patch Slow Down Linux?

If you are only using simple programs and not taxing your computer, you may not see any slowing down. The following are tests done comparing an Intel i7 “Coffee Lake” computer with a Solid State Drive and an Intel i7 “Broadwell” computer with a spinning drive (the purple bars are before the Kaiser Patch, the green bars are after the Kaiser patch). Both computers were running Linux. There was no before/after difference in the Frames per second for Video Encoding. There was a noticeable difference in Mega Bytes Per Second Test when loading a large file. But the biggest difference was with the latest generation of Intel, called CoffeeLake, when loading 1000 1 MB files:


The transfer rate after the Kaiser patch dropped by 50%. Meanwhile, there was only a 10% decline in the older generation “Broadwell” processor. This is shocking because Intel has been saying that their latest generation of chips is less affected by this problem. In fact, their latest generation of chips is more affected than the older generation of chips. Note that the loss of speed is likely to be much worse for Windows computers because they are already running slow. We predict that there will be problems, especially for Windows programs using the MS DirectX technology.

Here are a couple quotes based on recent real world test results:


Key Point

Windows Surface Book performance ain’t pretty... The write performance dropped by 26 percent. Far worse, though, 4K read and write with high queue depth take a performance hit of 42 percent and 39 percent, respectively. Ouch.
Gordon Mah Ung, PC World,  January 13, 2018

The biggest problem is a slow down in Windows Servers:


Caution

Organizations that have heavily leveraged Microsoft operating systems are more impacted than those who leverage Linux. Customers with large Linux deployments -- 200,000 servers or more -- report almost no impact to business operations.
Carl Wright, General Manager, TrapX Cybersecurity, January 20, 2018

The Real Problem is not just a loss of Speed but an Ongoing Loss of Safety

This book is all about promoting the safest possible tools for sharing knowledge. We are certain that the problem is not Intel, it is Microsoft. There is no such thing as computer safety when using Windows. Nor is there safety when using the UEFI startup program. We will continue to monitor the Intel Processor problem. But there is more to this story that is coming out every day.

On January 9, 2018, Microsoft issued a statement admitting that Spectre and Meltdown would significantly slow down Windows computers, especially Windows servers, regardless of the Intel processor used by the server: “Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations.”


Caution

Microsoft lags behind Linux when it comes to access control. That is a problem, since the Spectre and Meltdown vulnerabilities depend on hackers having access to the hardware. My recommendation would be not to use Windows-based servers until Microsoft offers better access control. Use Linux instead.
Gene Shablygin, CEO, WWPass Cybersecurity, January 19, 2018

Spectre and Meltdown operate by making remote unauthorized changes. What the above writer means by Access Control is that Linux has a strong permissions system to prevent remote unauthorized changes while Microsoft does not. What the above writer fails to understand is that there is a reason Microsoft allows easy remote access. The reason is that Microsoft wants to be able to remotely access your computer to prevent pirating and maintain their profits and monopoly. Thus, it would be contrary to their business model to provide us with better access control.

The Spectre and Meltdown disaster may be a blessing in disguise as it may finally help computer users understand the need for access control which is another name for computer security. We will not have true computer security until the Microsoft Remote Access backdoor is finally ended. Given that Linux already dominates the server market, due to its greater speed and reliability, this new forced slow down of Windows servers could spell the end of Microsoft in the server market – and the beginning of the end of Microsoft in the consumer computer market.

There appear to be solutions for Linux computers. Kaiser has plugged the Meltdown hole and another tool called Retpoline looks promising for plugging the Spectre hole. We have updated our Acer C910 Chromebooks to the Linux 4.4.109 kernel and they are as fast as ever. However, because Windows computers lack the security of Linux, things will only get worse for Windows users over time. As hackers get better at using these new back doors into Windows computers, expect entire waves of new attacks in the coming months.
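
To confirm that a Linux computer is actually running with these fixes, you can ask the kernel itself. The following script is an added example, not part of the original text: it reads the status files that patched kernels publish under /sys/devices/system/cpu/vulnerabilities (Kaiser was merged into Linux as page-table isolation, reported as "PTI") and flags any issue that is unmitigated or not reported at all. The function names are our own, and the directory can be overridden for testing.

```shell
#!/bin/sh
# Added example: report the kernel's own Meltdown/Spectre mitigation status.
# Patched kernels expose one text file per issue in this sysfs directory.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status TEXT -> not-affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;     # e.g. "Mitigation: PTI"
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# check_one DIR NAME -> prints "NAME STATE DETAIL"
check_one() {
    file="$1/$2"
    if [ -r "$file" ]; then
        text=$(head -n 1 "$file")
        echo "$2 $(classify_status "$text") $text"
    else
        # No file: this kernel does not report on the issue, so it is
        # treated as unverified rather than assumed safe.
        echo "$2 unknown (no sysfs entry; kernel does not report this issue)"
    fi
}

# audit [DIR] -> one line per issue; exit status 0 only if nothing is
# vulnerable or unknown.
audit() {
    dir="${1:-$VULN_DIR_DEFAULT}"
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        line=$(check_one "$dir" "$name")
        echo "$line"
        state=$(echo "$line" | cut -d' ' -f2)
        case "$state" in
            vulnerable|unknown) rc=1 ;;
        esac
    done
    return $rc
}

# Check the machine this script runs on.
audit || echo "ACTION: at least one issue is unmitigated or unreported; update the kernel."
```

A line such as "meltdown mitigated Mitigation: PTI" means the Kaiser fix is active; "unknown" usually means the kernel is too old to report its status and should be updated.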

Equally important, many of the researchers who discovered Spectre and Meltdown have been quoted as saying what we have been saying for years: that these “design flaws”, aka hidden back doors, do not just happen by accident. Many of us believe that Intel never would have designed such problems in the first place. We suspect that Spectre and Meltdown are NSA designed back doors.


What’s Next?

In the next article, we will review how to replace the Pure operating system with Linux Mint.