
431 points ingve | 2 comments
transpute ◴[] No.44465882[source]
Intel N150 is the first consumer Atom [1] CPU (in 15 years!) to include TXT/DRTM for measured system launch with owner-managed keys. At every system boot, this can confirm that immutable components (anything from BIOS+config to the kernel to immutable partitions) have the expected binary hash/tree.

TXT/DRTM can enable AEM (Anti Evil Maid) with Qubes, SystemGuard with Windows IoT and hopefully future support from other operating systems. It would be a valuable feature addition to Proxmox, FreeNAS and OPNsense.

Some (many?) N150 devices from Topton (China) ship without Bootguard fused, which _may_ enable coreboot to be ported to those platforms. Hopefully ODROID (Korea) will ship N150 devices. Then we could have fanless N150 devices with coreboot and DRTM for less-insecure [2] routers and storage.

[1] Gracemont (E-core): https://chipsandcheese.com/p/gracemont-revenge-of-the-atom-c... | https://youtu.be/agUwkj1qTCs (Intel Austin architect, 2021)

[2] "Xfinity using WiFi signals in your house to detect motion", 400 comments, https://news.ycombinator.com/item?id=44426726#44427986

replies(2): >>44467735 #>>44472361 #
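
The measured-launch check described in the comment above, as an added example that is not part of the thread: a simplified Python model of TPM-style PCR extension and comparison against an owner-recorded value. It assumes SHA-256 and the TCG PC Client convention that the DRTM PCRs hold all ones after power-on and are reset to zero only by a dynamic launch; component names and contents are constructed.

```python
import hashlib
import hmac

# Constructed sample components standing in for the immutable boot chain.
GOLDEN = [
    ("bios+config", b"constructed-bios-image-v1"),
    ("kernel", b"constructed-kernel-image-v1"),
    ("rootfs-hash-tree-root", b"constructed-hash-tree-root-v1"),
]

PCR_AT_POWER_ON = b"\xff" * 32  # DRTM PCRs before any dynamic launch
PCR_AFTER_DRTM = b"\x00" * 32   # value set by the dynamic launch itself


def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM-style extend: new = SHA-256(old || SHA-256(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def measure(components, start: bytes = PCR_AFTER_DRTM) -> bytes:
    """Fold every component, in boot order, into one register value."""
    pcr = start
    for _name, blob in components:
        pcr = extend(pcr, blob)
    return pcr


def verify(components, expected: bytes, start: bytes = PCR_AFTER_DRTM) -> bool:
    """True only if the whole chain reproduces the owner's recorded value."""
    return hmac.compare_digest(measure(components, start), expected)


# Value the owner records once, from a launch they trust.
EXPECTED = measure(GOLDEN)

# Same chain with one byte-level change to the kernel (constructed).
TAMPERED = [GOLDEN[0], ("kernel", b"constructed-kernel-image-v1!"), GOLDEN[2]]

if __name__ == "__main__":
    print("clean boot      :", verify(GOLDEN, EXPECTED))
    print("modified kernel :", verify(TAMPERED, EXPECTED))
    # Replaying the right measurements without a real dynamic launch
    # starts from all ones, so the final value still does not match.
    print("no DRTM launch  :", verify(GOLDEN, EXPECTED, PCR_AT_POWER_ON))
    print("reordered chain :", verify(GOLDEN[::-1], EXPECTED))
```

Because each extend hashes the previous register value, a change to any component, to the order, or to the starting state changes the final value, which is why a single comparison covers the whole chain.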
1. reanimus ◴[] No.44467735[source]
Where are you seeing devices without Bootguard fused? I'd be very curious to get my hands on some of those...
replies(1): >>44469076 #
2. transpute ◴[] No.44469076[source]
As a Schrödinger-like property, it may vary by observer and not be publicly documented. One could start with a commercial product that ships with coreboot, then try to find identical hardware from an upstream ODM. A search for "bootguard" or "coreboot" on servethehome forums, odroid/hardkernel forums, phoronix or even HN, may be helpful.