Re: Debian derivatives census: Inquisitor: status?
>> BTW, Yocto-based LUVos (Linux UEFI Validation) distro, especially it's
>> LUV-live release is probably the best hardware diagnostic distro these
>> days. It bundles BIOS BITS, FTWS, CHIPSEC, and has additional tests.
>> Created -- and actively maintained -- by Intel, targets BIOS/UEFI
>> systems. Linaro is in the middle of porting it -- and its bundled tools
>> -- to AArch64. Debian needs CHIPSEC package at least.
>> https://01.org/linux-uefi-validation
>
> I might be biased, but from what I see in LUVos description, it
> pursues a completely different goal that Inquisitor. LUV concenrates
> on firmware validation, combatting various security issues. It's for
> situation when you suspect that your kernel configuration or something
> like that might be off and thus you just lost some sort of
> functionality you desire in a certain device - not for situations when
> you have 1000s of a given device model with 1% of them having faulty
> hardware.
Yes, I think Intel's initial goal with LUV was to build something that
helped OEMs build systems with proper UEFI. It is also useful for
sysadmins and security researchers.
However, I also consider security issues part of basic hardware
functionality. If I'm buying a new server, I want to see CHIPSEC logs
first, if the hardware is known to be vulnerable, I'm going to return
it, just like if it had a bad mobo.
Intel's BIOS BITS focuses on Intel BIOS-based systems. It contains blobs
of Intel's reference BIOS, and can update a system (unclear how);
presence of those blobs may make any Debian port an issue, non-free
blobs. It has a special GRUB that loads some of it's tests, and has a
Python compiled a native x86 blob, a lot of pre-OS issues that might be
hard for a traditional Debian Installation process.
(Though IMO it'd be nice to add some more pre-OS options in D-I. ALT
Linux Rescue distro includes rEFInd UEFI-based boot manager and UEFI
Shell, to help with install issues. An advanced installer for UEFI
systems should also include UEFI Python and CHIPSEC, in addition to UEFI
Shell. Perhaps Intel's UEFI Disk Utiliities, if the license permits.)
Intel's CHIPSEC focuses on Intel BIOS and UEFI-based firmware security.
It is mostly Python, but has Linux and Windows native drivers. It runs
in UEFI or Linux or Windows. A Debian port would need to strip out the
Windows and perhaps UEFI helper driver code, and separate the Linux
driver from the Python code, most of the same things that LUV does when
integrating CHIPSEC.
Canonical's FWTS focuses on testing if HW/FW is reliable/deterministic
enough to load an OS. :-) There are already Ubuntu packages for this.
Probably the most unique thing about LUV is some of it's embedded UEFI
test code, to handle reboot scenerios (like firmware updates).
If/once Linaro ports to AArch64, then LUV (and CHIPSEC) will be more
useful. Still, no AMD nor AArch64 nor POWER nor MIPS nor etc support.
> Talking about "competitors", I'd say that primary competitor of
> Inquisitor nowadays is PTS[1]. It indeed follows the same basic
> principles (i.e. detecting configuration, running tests, reporting
> results), it indeed has a relatively big user base, but PTS's author
> (Michael Larabel) concenrates mostly on benchmarking stuff, while
> Inquisitor is mostly suited for big-scale burn-in tests.
>
> [1]: http://www.phoronix-test-suite.com/
Agreed, Phoronix is nice.
Inquisitor and Phoronix have many hardware testing abilities that LUV
doesn't have, so they're very useful, LUV isn't touching those features,
as far as I can tell.
Thanks,
Lee
RSS: http://firmwaresecurity.com/feed
Reply to: