Daniel James's Blog

Why I'm switching from x86 to ARM and POWER

For the past few months, I've been in the process of switching away from x86 hardware to things like POWER and ARM hardware. I recently acquired a Pinebook, which is an ARM laptop based on the Pine64 single board PC. I'm intending to purchase either a Talos II Workstation, a Socionext DeveloperBox, or a Raptor Blackbird, which is just a miniature single-socket Talos II.

The Talos II uses IBM POWER9 CPUs and is basically a fully powered replacement for an x86 desktop. It has comparable CPU performance in both single and multi-core benchmarks to x86 CPUs. In some cases, it even outperforms x86. Its BSD support is very poor. I think it's possible to install FreeBSD on the Talos but I'm not sure. It supports Ubuntu, Debian, and Fedora, though, so the Linux support is much better. I'm heavily considering it because it is able to emulate x86 at decent speeds. I would be able to use this both for home and work, which would allow me to stop using even an x86 desktop for work.

The DeveloperBox is a 24-core ARM-based desktop that is also usable as a full development machine. It isn't as powerful in single-core performance as the Talos or an x86 machine, but it's great in multi-core benchmarks. It also supports OpenBSD, which is something that I strongly prefer. OpenBSD is my favorite operating system so this is a huge selling point for me. The DeveloperBox also has PCIe ports, so I'll be able to use a GPU with a 100% FOSS driver. The GPU driver support is a major downside for ARM machines, so a PCIe port is great.

One reason I'd like to avoid x86 is the potential for things like Meltdown and Spectre. Both Meltdown and Spectre actually affect non-x86 CPUs, including both ARM and POWER; however, they are both x86-specific exploits. I'd also like to avoid the Intel Management Engine and AMD PSP. These are both separate CPUs embedded in your CPU that you have no access to. They have complete access to everything on your computer, be it RAM or hard drive storage. They are both extremely proprietary and there is no way to audit them at all. Intel ME can be 100% disabled on older Intel CPUs, such as any of the libreboot compatible machines from the ThinkPad XX00 series. On newer Intel machines, it can only be partially disabled, but there is no way to verify that it is 100 percent disabled. I personally believe that this is an NSA backdoor, but there is no proof due to the proprietary nature of the Intel ME and AMD PSP.

I'll still have to keep an x86 laptop around for work. I'll also be keeping an x86 desktop around for gaming. I'll basically treat it as a game console and segment it onto its own separate VLAN. I also need to replace my home server with a MacchiatoBIN and replace my pfSense router with an Ubiquiti EdgeRouter running OpenBSD. It's hard to believe non-x86 hardware is coming along as far as it has in the past couple of years. I can't wait to be x86-free.

Fri, 23 Nov 2018 22:00:05 -0500