[Arm-netbook] Looking for an ARM Netbook !

nil namespace_collision at yahoo.com
Wed Jul 4 11:58:33 BST 2012


> From: lkcl luke <luke.leighton at gmail.com>
> Subject: Re: [Arm-netbook] Looking for an ARM Netbook !
> To: "Linux on small ARM machines" <arm-netbook at lists.phcomp.co.uk>
> Received: Wednesday, 4 July, 2012, 9:21 PM
> On Wed, Jul 4, 2012 at 7:04 AM, Gordan Bobic <gordan at bobich.net> wrote:
> >  On Tue, 3 Jul 2012 21:32:57 +0300, Alexey Eromenko <al4321 at gmail.com>
> >  wrote:
> >> Hi All !
> >>
> >> Just as the list name implies, ARM-netbook, is what I'm looking for.
> >>
> >> I plan to install Linux+KDE into it, and remove Android, or
> >> dual-boot.
> >>
> >> Required parameters:
> >> 1 GB RAM (KDE will not run on 512 MB RAM... will swap like crazy)
> >
> >  Depends on what you intend to run. I am typing this on a Toshiba AC100
> >  (512MB of RAM, 510MB after you allow 2MB of RAM for the 1280x720 frame
> >  buffer) running KDE and Firefox, and I have 250MB free RAM with no swap
> >  used. It would start swapping in linking stages of big compile jobs, but
> >  with a SuperTalent RC8 USB SSD fitted internally (
> >  http://www.altechnative.net/2012/02/07/morebetter-internal-storage-on-the-toshiba-ac100-part-2/
> >  ) swapping isn't particularly painful (2000 4KB IOPS on both random
> >  reads and random writes, Sandforce flash controller, see:
> >  http://www.altechnative.net/2012/01/25/flash-module-benchmark-collection-sd-cards-cf-cards-usb-sticks/
> >  ).
> >
> >  The only decent option you really have is the Asus Transformer, but
> >  unlike an AC100 that you can get for ~ £170 new, the Transformer will
> >  set you back more than double that with a keyboard.
> 
>  gordan: we've since been made aware that they're under some rather
> extreme and very real hacking attack conditions which require them to
> be able to audit and verify every single piece of source code.  the
> asus transformer, having the tegra 3 and thus having a locked-down
> boot BIOS, cannot be trusted because it cannot be verified.
>
>  the reason why they're interested in the A10 is because it does not
> have ARM "Trustzone" and it can be forcibly made to boot from SD/MMC
> at the hardware level.

TrustZone keeps two copies of security-critical ARM state, switching between "normal" and "secure" on program request (the "SMC" instruction) or certain interrupts. Typically a small handler is what's run in "secure" mode, and it's installed during the boot chain. It's not a hypervisor, though it has the effective privileges of one. Bit like x86's SMM, with additional hardware hardening.

If no handler's installed, it's entirely quiescent, so an A10-style boot chain of rom-into-spl is (probably) fine, even if the SoC is TrustZone-capable (at the very least, brom may be small enough to audit to one's satisfaction.)

Anyway, installation's only possible in supervisor mode - if your adversary has that, you have other problems.

>  there's only a couple of other SoC families i know of like that - i'd
> have to check, they have e-fuses you can blow to disable any on-board
> "secure" boot NAND capability: one's the OMAP series and i think the
> other's the samsung S5Pxxxx series.
 
>  but, yeah, anyway: tom says he's got a suitable A10-based laptop that
> meets the requirements, removable WIFI module.
> 
>  l.

(just as an aside: no netbook Atom chipsets are AMT-capable, no AMD netbooks have any kind of OOB management, and hardware UUIDs are typically only readable in supervisor mode, so if websites can see them, &c.)



