top | item 44041358

(no title)

Protectli makes great hardware. But unfortunately intel runs plenty of code with things like management engine that requires Coreboot to disable during boot. It may also be possible that the cpu refuses to boot with ME disabled so maybe coreboot doesn’t always mean doesn’t run proprietary code. True opensource will maybe happen with RISC-V when it comes to routers fast enough to be installed at home or small offices.

That being said, home routers are the least supported devices when it comes to security and privacy. People are running age old firmwares that are known to have exploits. These things are literally so cheap and poorly maintained anything with openwrt is going to be better.

For offices I would not shy away from recommending protectli with openwrt or opnsense as long as there are people with enough expertise to maintain these things long term.

discuss

bayindirh|9 months ago

> True opensource will maybe happen with RISC-V

...assuming that the particular processor you're using won't have any proprietary extensions or requirements to bootstrap during power on (with a closed source blob, not unlike onboard firmware).

transpute|9 months ago

It's an older device, but NanoPi R4S 2-port router has blob-free Arm RK3399 with OP-TEE support.