There is a chain of trust in every modern computing device that starts with the code you write yourself, and extends backwards through whatever frameworks you’re using, whatever OS you’re using, whatever drivers you’re using, and ultimately whatever BIOS, UEFI, Secure Boot, or firmware you’re running. With an Intel processor, this chain of trust extends to the Intel Management Engine, a system running independent of the CPU that has access to the network, USB ports, and everything else in the computer.
Needless to say, this chain of trust is untenable. Any attempt to audit every line of code running in a computer will only be met with frustration. There is no modern Intel-based computer that is completely open source, and no computer that can be verified as secure. AMD is just as bad, and recent attempts to create an open computing platform have met with frustration. [Bunnie]’s Novena laptop gets close, but like any engineering task, designing the Novena was an exercise in compromise. You can get around modern BIOSes, coreboot still uses binary blobs, and Libreboot will not be discussed on Hackaday for the time being. There is no modern, completely open, completely secure computing platform. They’re all untrustworthy.
The Talos Secure Workstation, from Raptor Engineering, an an upcoming Crowd Supply campaign is the answer to the untrustworthiness of modern computing. The Talos is an effort to create the world’s first libre workstation. It’s an ATX-compatible motherboard that is fully auditable, from schematics to firmware, without any binary blobs.
RISC architecture is going to change everything.
‘Secure’ isn’t a word you would use in conjunction with a modern Intel processor, and AMD is just as bad. Most ARM processors are out, because there are binary blobs floating around even when the processor isn’t tied up in NDAs. Even graphics are hard to make secure, and while open source GPUs exist, they’re not exactly powerhouses.
To make a computer fully secure, you’ll have to go outside the usual architectures, and the market for a secure computer simply isn’t there to warrant a completely new architecture, anyway. For the Talos, Raptor Engineering chose IBM’s POWER8 processor. This architecture is now most common in computing that has a few more zeros on the price tag than what Microcenter offers, but historically the POWER line can be traced back through the CELL processor, the GameCube, and [Zero Cool]’s sweet clear laptop.
The rest of the hardware includes 8 DDR3 slots supporting 256GB of RAM, 2 x16 PCIe slots, 4 x8 PCIe slots, one legacy PCI slot, an internal mPCIe slot, 8 internal SATA 6Gb ports, 2 external eSATA 6Gb ports, 1 HDMI port, 8 USB 3.0 ports, 2 external and 2 internal RS232 ports, and an internal GPIO header. The full list of specifications and supported operating systems is available on the Raptor Engineering website.
It should be noted this is not the only POWER8 motherboard available. Tyan produces a POWER8 server motherboard, although it is not as open as the Talos. Even with the Talos, there are some restrictions on how open and secure it actually is; thanks to NDAs, some of the PCIe subsystem is not auditable.
Although the Crowd Supply campaign is not live yet, we know the cost of an entry-level Talos system with an 8-core 130W TDP POWER8 CPU will come in at about $5,300. A standalone board less CPU will be available for about $4,000, according to Raptor Engineering. That’s pricey, but not terrible when it comes to high performance enterprise workstations. You’re paying for security and auditability here, and we hope Talos is a success, if only to prove there is a market for truly secure computing.