I am looking to build a Linux gaming machine with open source firmware and Intel ME disabled. Is this viable?

  • Max-P@lemmy.max-p.me · 39 upvotes · 9 days ago

    The BIOS does a lot less than you’d expect, it doesn’t really have an impact on gaming performance. For what it’s worth, I’ve been gaming in a VM for years, and it uses the TianoCore/OVMF/EDK2 firmware, and no issues. Once Linux is booted, it doesn’t really matter all that much. You’re not even allowed to use firmware services after the OS is booted, it’s only meant for bootloaders or simple applications. As long as all the hardware is initialized and configured properly it shouldn’t matter.

    • Atemu@lemmy.ml · 3 upvotes · 7 days ago

      You’d think so but IIRC when Phoronix tested it, Coreboot would always significantly underperform compared to the regular firmware. It wasn’t much but the effect was measurable.

      • Max-P@lemmy.max-p.me · 2 upvotes · 7 days ago

        Yeah it’ll depend on how good your coreboot implementation is. AFAIK it’s pretty good on Chromebooks because Google whereas a corebooted ThinkPad might have some downsides to it.

        The slowdowns I would attribute to likely bad power management, because ultimately the code runs on the CPU with no involvement with the BIOS unless you call into it, which should be very little.

        Looking up the article seems to confirm:

        The main reason it seems for the Dasharo firmware offering lower performance at times was the Core i5 12400 being tested never exceeded a maximum peak frequency of 4.0GHz while the proprietary BIOS successfully hit the 4.4GHz maximum turbo frequency of the i5-12400. Meanwhile the Dasharo firmware never led to the i5-12400 clocking down to 600MHz on all cores as a minimum frequency during idle but there was a ~974MHz.

        I’d expect System76 laptops to have a smaller performance gap if any since it’s a first-party implementation and it’s in their interest for that stuff to work properly. But I don’t have coreboot computers so I can’t validate, that’s all assumptions.

        That said for a 5% performance loss, I’d say it counts as viable. My games VM has a similar hit vs native. I’ve been gaming on Linux well before Proton and Steam and have taken much larger performance hits before just to avoid closing all my work to reboot for break time games.

    • LiveLM@lemmy.zip · 14 upvotes · 9 days ago

      I’ve been gaming in a VM for years

      Tell us more about your setup! I’m assuming you have 2 GPUs and are passing one to the VM for Windows gaming? Is it even worth doing nowadays now that Kernel AC games are banning VMs anyway?

      • Max-P@lemmy.max-p.me · 15 upvotes · 8 days ago

        Yes dual GPU. I set that up like 6 years ago, so its use changed over time. It used to be Windows but now it’s another Linux VM.

        The reason I still use it is it serves as a second seat and is very convenient at that. The GPU’s output is connected to the TV, so the TV gets its own dedicated and independent OS. So my wife can use it when I’m not. When the VM isn’t running I use the card as a render offload, so games get the full power of the better card as well.

        I also use it for toying with macOS and Windows because both of those are basically unusable without some form of 3D acceleration. For Windows I use Looking Glass which makes it feel pretty native performance. I don’t play games in it anymore but I still need to run Visual Studio to build the Windows exes for some projects.

        This week I also used the second card to test out stuff on Bazzite because one of my friends finally made the switch and I need to be able to test things out in it as I have no fucking clue how uBlue works.

  • Captain Aggravated@sh.itjust.works · 11 upvotes, 1 downvote · 9 days ago

    My understanding is there are few desirable motherboards that support Coreboot.

    Don’t like Intel Management Engine? or processors that shit themselves? go AMD.

    • cmnybo@discuss.tchncs.de · 22 upvotes · 9 days ago

      AMD has the Platform Security Processor. While it supposedly doesn’t have network access, it’s still a black box with full access to all memory.

      • TMP_NKcYUEoM7kXg4qYe@lemmy.world · 5 upvotes · 8 days ago

        As far as I know it’s also less documented. People have dug so deep into Intel ME that they even found a bit that disables most of the ME.

        On the other hand, AMD is planning to use coreboot-compatible open firmware in the next EPYC generation. Knowing AMD, it will eventually come to the consumer market too. (We’ll see if it will be available before Red Hat drops X11)

        Also there was a Phoronix article recently that Intel too is messing around with Coreboot on Xeon.

    • sunzu2@thebrainbin.org · 1 upvote · 9 days ago

      What would be an example of a desirable mobo and what is the benefit of the coreboot?

      Any am4 options?

      • Captain Aggravated@sh.itjust.works · 3 upvotes · 8 days ago

        By “desirable motherboard” in this context I mean a standard ATX (or standard size variants) motherboard with a currently supported socket and chipset commonly available on the consumer market. To run Intel 13th or 14th gen, or Ryzen 7000 or 9000. I don’t know if you can just buy an MSI or Asrock etc. board and expect to run Coreboot on them.

        What’s the advantage of coreboot? Soothes paranoia mainly. Both Intel and AMD platforms have little black boxes in them that run a separate little OS beneath Windows or Linux that has Ring 0 or similar low-level access to the hardware and could theoretically man in the middle anything done on the machine. Intel’s is MINIX based, it’s called the Intel Management Engine, and it genuinely is a little bit bile inducing reading what it has access to. AMD does have a similar technology.

        In terms of performance, system stability etc? Very little. Once the kernel is loaded and in control of the hardware the BIOS doesn’t affect much AFAIK.

        I’m not very familiar with it but I’ve not heard much about even AM4 boards being supported. I think of Coreboot (or its completely binary blob free fork LibreBoot) and I think of either Purism or System76 and in both cases for their laptops.

        ===

        This kind of thing (the “main” operating system is built atop a secret basement full of god knows what) isn’t restricted to x86 either. On a Raspberry Pi, Linux running on the ARM cores is a second class citizen to ThreadX running on the VideoCore processor.

        • sunzu2@thebrainbin.org · 1 upvote · 8 days ago

          Thank you for laying all of this out. I keep hearing about these issues but how did we get here and why is this being a concern now or am I just learning about it?

          • Captain Aggravated@sh.itjust.works · 2 upvotes · 8 days ago

            My understanding of things like the IME is that its reason for being is mostly benign, it lets enterprise-level IT departments do things like boot computers from across the network and stuff like that. It has no real use to home customers on their private PCs, but it’s included on all systems to simplify engineering; it handles a lot of the early boot process. And it’s always running. The privacy enthusiasts out there who carry a copy of TAILS on their keychains just in case aren’t fond of the fact that there’s a proprietary OS with unrestricted access to memory and networking just sitting there with no way of auditing or monitoring what it was doing.

            This has been a thing for A WHILE now, and the whole coreboot thing… Intel, board manufacturers etc. keep their data so locked up that it’s a challenge to build anything that works, so it’s a miracle we have things like Coreboot at all. They largely concentrate on laptops IIRC, and it’s rare to see full fat desktop motherboards that work with Coreboot.

  • biribiri11@lemmy.ml · 9 upvotes · edited · 8 days ago

    Yes, probably. It is possible to flash and use Dasharo (a downstream fork of coreboot) onto a modern MSI Z790A motherboard, which gets you PCIe gen 5, 14th gen Intel, and so on. I’m not sure if the necessary code to get it running has been upstreamed into coreboot yet. https://docs.dasharo.com/unified/msi/overview/

    From there, you can use corna’s me_cleaner to disable (and clean) the management engine. There are reports of it working on Alder Lake: https://docs.dasharo.com/unified/msi/overview/

    Here’s a full tutorial on disabling your ME on modern systems: https://github.com/mostav02/Remove_IntelME_FPT?tab=readme-ov-file#neutralizing-me-and-flashing-via-fpt

    To be honest, though, I wouldn’t bother unless you’re doing it for fun. I’m not sure if this entire process necessarily works on the Z790+14th gen Intel anyway.

  • timkenhan@sopuli.xyz · 8 upvotes · 8 days ago

    While many comments here are correct that it would affect less than you’d expect, there are things that may not be covered.

    For example:

    • there’s no setting for hyperthreading
    • no way to disable SATA drives, in case you’d like to be selective
    • you’ll need to reflash the BIOS if you want to change boot order permanently

    Also, make sure you have the correct video BIOS.

  • Jumuta@sh.itjust.works · 4 upvotes, 1 downvote · edited · 9 days ago

    yeah i play ksp and rainworld with coreboot+disabled ME thinkpad t430 and it’s fine (coreboot has no performance penalties)

    the only thing coreboot broke in my instance was the passive (cpufreq) powersave cpu scaler for my cpu, but I could just switch to the active (intel_pstate) powersave cpu scaler which is better anyway

    are there modern desktop motherboards/chipsets/bioses that let you disable ME though? the z690/z790 are the only ones that I know can run coreboot (ignoring laptop motherboards), but I thought that still had to run ME?
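
Two cpufreq points come up in this thread: the 4.0GHz versus 4.4GHz ceiling quoted from the article, and the switch between the cpufreq and intel_pstate drivers. The following is an added example, not part of any poster's comment, that checks what the kernel reports after a firmware change by reading the standard Linux cpufreq sysfs attributes. `check_cpufreq`, `make_sample_tree` and `CPUFREQ_ROOT` are names made up for this example, and the sample tree is constructed data.

```shell
#!/bin/sh
# Added example (not from the thread). Reads the Linux cpufreq sysfs tree.
# CPUFREQ_ROOT can be pointed at a copied or constructed tree for offline use.
CPUFREQ_ROOT="${CPUFREQ_ROOT:-/sys/devices/system/cpu/cpufreq}"

read_attr() {  # print the first line of a sysfs attribute, or "n/a"
    if [ -r "$1" ]; then head -n 1 "$1"; else echo "n/a"; fi
}

# check_cpufreq EXPECTED_MAX_KHZ
# Prints one line per policy. Returns 0 if every policy advertises at least the
# expected ceiling, 1 if any policy is capped below it, 2 if no policy exists.
check_cpufreq() {
    expected_khz="$1"; status=2
    for policy in "$CPUFREQ_ROOT"/policy*; do
        [ -d "$policy" ] || continue
        [ "$status" -eq 2 ] && status=0
        hw_max=$(read_attr "$policy/cpuinfo_max_freq")
        verdict=ok
        case "$hw_max" in
            ''|*[!0-9]*) verdict=unknown ;;   # attribute missing or not numeric
            *) [ "$hw_max" -lt "$expected_khz" ] && { verdict=capped; status=1; } ;;
        esac
        printf '%s driver=%s governor=%s min_khz=%s max_khz=%s %s\n' \
            "${policy##*/}" \
            "$(read_attr "$policy/scaling_driver")" \
            "$(read_attr "$policy/scaling_governor")" \
            "$(read_attr "$policy/cpuinfo_min_freq")" "$hw_max" "$verdict"
    done
    return "$status"
}

# make_sample_tree DIR DRIVER MIN_KHZ MAX_KHZ
# Builds a constructed one-policy tree so the check can be tried off-target.
make_sample_tree() {
    mkdir -p "$1/policy0"
    echo "$2" > "$1/policy0/scaling_driver"
    echo powersave > "$1/policy0/scaling_governor"
    echo "$3" > "$1/policy0/cpuinfo_min_freq"
    echo "$4" > "$1/policy0/cpuinfo_max_freq"
}
```

Source the file and run `check_cpufreq 4400000` with the rated turbo frequency of the CPU in kHz. It reports the ceiling the kernel advertises, so the peak actually reached under load still has to be sampled separately from `scaling_cur_freq`.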

  • flashgnash@lemm.ee · 1 upvote · edited · 8 days ago

    I’m not sure why it wouldn’t be. It doesn’t change how Linux works at runtime, does it?