Protectli makes great hardware. But unfortunately Intel runs plenty of code with things like the Management Engine, which requires Coreboot to disable it during boot. It may also be possible that the CPU refuses to boot with ME disabled, so maybe coreboot doesn’t always mean it doesn’t run proprietary code. True opensource will maybe happen with RISC-V when it comes to routers fast enough to be installed at home or small offices.
That being said, home routers are the least supported devices when it comes to security and privacy. People are running age-old firmware that is known to have exploits. These things are literally so cheap and poorly maintained that anything with OpenWrt is going to be better.
For offices I would not shy away from recommending Protectli with OpenWrt or OPNsense as long as there are people with enough expertise to maintain these things long term.
bayindirh · 7h ago
> True opensource will maybe happen with RISC-V
...assuming that the particular processor you're using won't have any proprietary extensions or requirements to bootstrap during power on (with a closed source blob, not unlike onboard firmware).
transpute · 7h ago
It's an older device, but the NanoPi R4S 2-port router has a blob-free Arm RK3399 with OP-TEE support.
bayindirh · 6h ago
That's nice to hear. I don't think it's impossible, but regardless of the architecture, one needs to be diligent while selecting hardware.
Your comment is also parallel to what I tried to say.
josephcsible · 8h ago
Malicious hardware can fake a successful BIOS flash. I wouldn't start trusting a computer from a random Chinese company just because I flashed Coreboot on it. (To be clear, I'm just saying to avoid that hardware. If you're going to use it anyway, you're definitely better off at least trying this.)
transpute · 7h ago
> Malicious hardware can fake a successful BIOS flash.
Intel TXT DRTM measured launch can verify BIOS hash.
Which non-Chinese router hardware would you recommend? PC Engines (Taiwan, Switzerland) is no more.
On a related note, "US House Passes Bill to Assess Threats Posed by Foreign Network Routers", https://news.ycombinator.com/item?id=43889149
https://protectli.com/about/
> Protectli was founded in 2016 in a Southern California garage with a clear mission: providing reliable, cost-effective, and secure computer equipment that free users from proprietary vendor lock-in and expensive contracts. Today, we’re a global leader in network security hardware with offices across the United States, Canada, and Europe. We are trusted by thousands of customers worldwide, from home users to international corporations.