Article 5ET8Y Review: Blackbird Secure Desktop – a fully open source modern POWER9 workstation without any proprietary code

Review: Blackbird Secure Desktop – a fully open source modern POWER9 workstation without any proprietary code

by
Thom Holwerda
from OSnews on (#5ET8Y)

There's a spectrum of openness when it comes to computers. Most people hover somewhere between fully closed - proprietary hardware, proprietary operating system - and partly open - proprietary hardware, open source operating system. Even if you run Linux on your AMD or Intel machine, you're running it on top of a veritable spider's web of proprietary firmware for networking, graphics, the IME, WiFi, BlueTooth, USB, and more. Even if you opt for something like a System76 machine, which has open firmware as a BIOS replacement and to cover some functions like keyboard lighting, you're still running lots of closed firmware blobs for all kinds of components. It's virtually impossible to free yourself from this web.

Virtually impossible, yes, but not entirely impossible. There are options out there to run a machine that is entirely open source, from firmware all the way up to the applications you run. Sure, I can almost hear you think, but it's going to be some outdated, slow machine that requires tons of tinkering and deep knowledge, out of reach of normal users or people who just want to buy a computer, take it out of the box, and get going.

What if I told you there is a line of modern workstations, with all the modern amenities we've come to expect, that is entirely open? The instruction set, the firmware for the various components, the boot environment, the operating system, and the applications? No firmware blobs, no closed code hiding in various corners, yet modern performance, modern features, and a full, modern operating system?

Full disclosure: Raptor Computing Systems sent us the workstation as a loan, and it will be returned to them. They did not read this review before publication, and placed zero restrictions on anything I could write about.

Now you're playing with POWER

Most people's knowledge and experiences with the Power ISA begins and ends with Apple. The company used Power-based processors from 1994 until 2006, when it switched to using processors from Intel and the x86 ISA. Aside from Apple, there are two other major cornerstones of the Power ISA that most people are familiar with. First, game consoles. The GameCube, Wii, Xbox 360 and PlayStation 3 all used PowerPC-based processors, and were all widely successful. Second, various embedded systems use Power processors as well.

Aside from Apple, game consoles, and embedded systems, IBM has been developing and using processors based on the Power ISA for a long time now. IBM released the first Power processor in 1990, the POWER1, for its servers and supercomputers. They've steadily kept developing their line of processors for decades, and they are currently in the process of rolling out POWER10, which should be available later this year.

Other Power ISA processors you may have heard of, such as the PowerPC G4 or G5 or the various gaming console processors, do not necessarily correspond to IBM's own POWERx generations of processors, but are implementations of the same ISA. The nomenclature of the Power ISA has changed quite a bit over time, and companies like Apple and Sony using their own marketing names to advertise the processors they were using certainly didn't help. To this day, PowerPC is often used as the name of the entire ISA, which is incorrect. The proper name for the ISA today is the Power ISA, but the confusion is understandable.

The Power ISA, and related technologies, have been made freely available by IBM for anyone to use, and the specifications and reference implementations are open source, overseen by the OpenPOWER Foundation. The goal of the OpenPOWER Foundation is to enable the various partners involved in making Power hardware, like IBM, NXP, and others, to work together and promote the use and further development of the open Power ISA. In 2019, the OpenPOWER Foundation became part of the Linux Foundation.

With Apple no longer making any Power-based computers, and with game consoles all having made the transition to x86, you may be left wondering how, exactly, you can get your hands on this fully open hardware. And, even if you could, how exotic and quirky is this hardware going to be? Is this another case of buying discard IBM POWER servers and turning them into very loud workstations with tape and glue, or something unrealistic and outdated no sane person would use?

Thank god, no.

Luckily for us, one company sells mainboards, POWER9 processors, and fully assembled POWER workstations: Raptor Computing Systems. Last year, they sent me their Blackbird Secure Desktop, and after many, many shipping problems caused by UPS losing packages and the effects of COVID-19, I can now finally tell you what it's like to use this truly fully open source computer.

Like what we do? Become an OSNews Patreon and support our continued work!

Specifications

The Blackbird Secure Desktop is built around Raptor's Blackbird micro-ATX motherboard. This motherboard has a Sforza CPU socket, 2 DDR4 RAM slots compatible with EEC registered memory with a maximum combined capacity of 256GB, 2 PCIe 4.0 slots (16x and 8x), 2 gigabit Ethernet ports, another Ethernet port used for the BMC (OpenBMC - more on that later), 4 SATA ports (6Gb/s), and more than enough USB options (4 USB 3.0, 1 USB 2.0), and two RS-232 ports (one external, one internal using a header). On top of that, it has a CMedia 5.1 audio chip and associated jacks, an HDMI port driven by the on-board ASpeed graphics chip, as well as the ASpeed BMC.

The board also comes with amenities we've come to expect from modern motherboards, like fan headers, an internal LED panel that displays the status of the motherboard, standard front panel connectors, a header for external audio, and so on. You also get a number of more exotic features, such as various headers to control the BMC, headers to update the open source firmware packages on the board, a FlexVer connector, and more. The only modern amenity that's really missing from this board is an M.2 slot, which is something Raptor should really add to future revisions or new boards.

In what will be a running theme in this review, for an exotic non-x86 ISA, the Blackbird motherboard is decidedly... Normal. Anyone who knows their way around a regular x86 motherboard won't be confused by the Blackbird. Nor the unique ISA, nor the fact that the entire board is free from binary blobs makes it any harder to use than any other motherboard. Sure, the processor socket and the cooler mounting mechanism is a bit different, but even within x86 there are various different socket types and mounting mechanisms, so this is just another one to add to the list.

My preassembled machine came equipped with the base processor option - an IBM POWER9 processor with 4 cores and 16 threads, running at a base clock speed of 3.2Ghz, with a turbo frequency of 3.80Ghz. Unlike x86 cores, POWER9 uses four-way multithreading (or eight-way for the more exotic chips). This particular processor also boasts 48 PCIe lanes. You can also configure the Blackbird Secure Desktop with an 8-core variant, but higher core counts will most likely lead to instability and downclocking due power delivery constraints. If you want more cores, you'll have to step up to the single-socket Talos II Lite board or the dual-socket Talos II board.

My machine further came equipped with 64GB of registered ECC DDR4 RAM (running at 2666MHz) and an AMD Radeon Pro WX4100 GPU. To circumvent the lack of an on-board M.2 slot, my machine came configured with a PCIe M.2 adapter carrying a Samsung 960 EVO M.2 SSD at 500GB. All this hardware is housed in a relatively small generic Antec desktop-style micro-ATX case (with a stand for orienting the case vertically), and is powered by a standard 300W TFX power supply.

Performance is excellent, and benchmarks show that POWER9 processors can hold their own against competing x86 processors from Intel and AMD. Not once did I feel this machine was lacking in power, performance, or smoothness.

Of note here is that if you buy the Blackbird motherboard and CPU separately and build your own machine from there, you can use any regular PC case you want, as long as it can fit a micro-ATX motherboard. The same obviously applies to the power supply - if it's ATX, you're good to go. And while the board supports registered ECC memory, you can opt for cheaper, regular memory too. I'm guessing quite a few OSNews readers have a random case, PSU, and some DDR4 memory lying around, so if you're interested in building a POWER9 machine, you won't necessarily have to buy a lot of specialised, expensive equipment.

There's an elephant in my room

One aspect where hardware like this decidedly differs from generic x86 is pricing. Exotic, niche hardware like this that eschews the large PC part makers is not cheap, and the Blackbird is no exception. Time to rip off the band-aid: a base configuration of the Blackbird Secure Desktop, with the 4-core/16-thread CPU, 8GB of EEC registered RAM, no dedicated GPU, and a 128GB Samsung NVMe drive will set you back $3,370. My model, with the bigger SSD, dedicated GPU, and 64GB of RAM is considerably more expensive at an estimated $5000. Buying just the motherboard with the base 4-core/16-thread processor and passive 2U CPU heatsink costs $1,732.07.

There's no going around it: that's a lot of money. You can get a lot of x86 for that - current processor and GPU shortage not withstanding - and there's going to be a lot of people here who would be perfectly fine with that. However, this hardware does offer the one thing other platforms simply cannot offer: complete openness. There isn't any other platform that's completely free and open source from top to bottom. Is that unique feature worth the price of admission?

If you're tired of companies like Apple, Intel, Microsoft, and so on invading your privacy and taking ownership of your" hardware, or in case you're a journalist investigating serious corporate or government crimes - either in totalitarian dictatorships like China or in western democracies - it just might be. There's really no other way to know for sure your hardware hasn't been compromised.

These machines cost a lot of money, but that's the price to pay for hardware you actually own, instead of just leas. Machines from x86 competitors don't go beyond sort-of-but-not-really disabling the IME and some open firmware, which is obviously better than a fully locked-down machine, but nowhere near something like the Blackbird.

Are you sure this is exotic?

Taking the machine out of the box and setting it up is pretty much identical to any other computer, but the server-like architecture of the Blackbird does come with a few peculiarities that you won't find in generic x86 hardware. Much like a server, the Blackbird has a BMC - running OpenBMC, an open source BMC firmware stack - that powers on first, the second you connect the PSU to the power outlet. It's the BMC's job to interface between the system-management software and platform hardware. OpenBMC is a tiny Linux distribution designed specifically for running on BMCs.

The BMC outputs to both the VGA port and serial, but most of us will use the former. Once the BMC has fully booted its Linux installation, you end up at a Petitboot menu, where you can select your preferred boot device.

Petitboot is an operating system bootloader based on Linux kexec. It can load any operating system image that supports the Linux kexec re-boot mechanism like Linux and FreeBSD. Petitboot can load images from any device that can be mounted by Linux, and can also load images from the network using the HTTP, HTTPS, NFS, SFTP, and TFTP protocols.

Petitboot might be one of my favourite features of the Blackbird. It automatically recognises any bootable medium, and can rescan for new media even once it's already running. Think of it as a combination between a BIOS boot menu and GRUB, but easier to use than both. In Petitboot you can also check system logs, change individual boot options, exit to a shell for more control, and more.

From here on out, booting an operating system is pretty much identical to any other PC. Linux and several BSD variants are supported, with the more popular operating systems on POWER machines like these being Fedora and Void Linux. Installing these distributions is identical to installing their x86 counterparts, and the two distributions I tried, Fedora and Void, have outstanding support for POWER and work out of the box, without any additional hacks or tricks.

Actually running these distributions - I settled on Fedora myself - is almost an entirely uneventful experience. Everything just works, and other than actively searching for it, you'd be hard-pressed to find any signs you're not running on x86. The repositories for Fedora seem fully covered, and even external projects such as RPM Fusion just work. I run Fedora 34 using Wayland, and that, too, works entirely flawlessly.

neofetch_power9-1024x765.png

There are a few notes, however, about running Linux on POWER. first and foremost, the browser situation. Firefox is my preferred browser, but the POWER9 version is severely crippled because its JIT has not yet been ported to ppc64. This means anything more complex than basic web pages bring the browsing experience to a crawl, and using Firefox on POWER is, therefore, a very unpleasant experience. There is an effort underway to port the Firefox JIT to ppc64, but it seems it hasn't been very active.

With Firefox being problematic on POWER9, the best browser to use is Chromium. The open source base for Google's Chrome browser has been ported to ppc64 and works perfectly fine and without any issues, with my preferences definitely going to the Ungoogled Chromium version, so we don't have to deal with any Google nonsense on a fully open source workstation. The installation is straightforward - add the repository and install it from there, or download the specific RPM for the latest release.

The second limitation of running Linux on POWER is one that is entirely obvious, but that I want to mention anyway. It's an open door, but anything that is not or cannot be ported to POWER won't run. There isn't much of this kind of software - one of the strengths of the Linux world is the relative ease with which different architectures can be supported because of its open source nature - but it does exist.

An example of this is obviously video games. Steam, which thanks to Proton and native Linux games has turned Linux into a very capable gaming platform (I don't run Windows at all anymore), doesn't run on POWER, and while work on bringing Wine to POWER is underway, I doubt it will deliver usable performance for games. Interestingly enough, since Minecraft, one of the most popular games of all time, is written in Java, it runs just fine on POWER with a small modification. The latest version of Minecraft - 1.16.5 - is available for POWER.

Other than these two limitations, running Linux on the Blackbird is an uneventful experience. My biggest surprise while using Linux on POWER is just how... Pedestrian it all feels. If you've used Fedora or Debian or Void on x86, you've pretty much used them on POWER, too. For instance, I was pleasantly surprised to see that the very latest version of my Linux Twitter client of choice, Cawbird, was available in the Fedora ppc64 repositories without any issues, which you just wouldn't expect from a non-essential app developed by a small team.

Adding a dedicated GPU

There is one other unique quirk of the Blackbird that straddles the line between software and hardware. The onboard ASpeed graphics chip isn't exactly great - it maxes out at 1920*1080 with only usable performance - which means most people will want to add a dedicated GPU. However, adding a dedicated GPU requires loading a proprietary firmware blob, which goes against the very nature of the hardware. As such, if you are interested in a Blackbird because your use case requires 100% user-controlled, open source hardware without any proprietary code, you have no choice but to stick to the more limited ASpeed graphics or possible future fully open source graphics cards.

For people willing to make the concession and add a dedicated GPU, there's a few steps you need to take that aren't required on x86 hardware. The firmware required for your GPU needs to be loaded by the Linux video drivers in Petitboot, and a small area of the firmware's flash storage - about 1.8MB - has been set aside specifically for firmware that needs to be loaded, and you need to copy the required firmware into this area.

Once you know which firmware files you need, it's not a difficult process - especially not for people reading OSNews - but it is the only instance I've experienced where there is a marked difference between using Linux on regular x86 and using Linux on POWER. There's room for making this process a little easier - maybe through a script or a tool that takes some of the guesswork and manual commands out of the equation - but making it easier to compromise the security of machines like this seems... Counterproductive.

In short, while using the onboard graphics is a must if you need to maintain the security of the machine, you at least have the option to move to a dedicated GPU for massively increased performance. Whether or not you feel comfortable doing so is a question I cannot answer. Firmware blobs like these have access to a lot of important areas of the system, so running unaudited, closed source firmware is a massive security risk.

Proceed with caution.

Some random Post-its(R)

I've noticed that quite a number of people with understanding of why Apple transitioned to Intel in 2006 have a tendency to assume the Blackbird will be an overheating power hog. Nothing could be further from the truth, as the user-reported power consumption figures illustrate. The 300W power supply my system came with has no issues powering the hardware, and while POWER does run a little hotter than x86 processors tend to do (70-90C), this is normal for POWER and the temperature range Raptor's engineers aim for.

I am not a big fan of the case the Blackbird comes in, since its airflow is pretty terrible. The 2U CPU cooler the Blackbird Secure Desktop comes with is a passive heatsink, connected to the PSU fan through a duct, effectively meaning the PSU fan draws air past the CPU heatsink, exhausting it out the back. However, since the front of the case is almost entirely closed off, the influx of ambient air isn't going to be great. The upside is that the case is quite small, and easy to stow away under or next to your monitor or desk.

Raptor and I are discussing the possibility of sending me the 8-core CPU with an actively cooled 3U heatsink, so I can transplant the mainboard into a bigger, airflow-optimised case. If this goes through, you can expect a follow-up article with some benchmarks comparing the 4-core CPU to the 8-core model, as well as information about if we can get some lower temperatures - and thus, less fan noise - using a bigger case, which is valuable information for people considering buying just the mainboard. If you would like me to test some of the BSDs or a specific Linux distribution, lot me know, and I'll see if I can write about that, too.

Note that aftermarket coolers do not exist; you can choose between Raptor's fanless 2U cooler and the 3U cooler with a fan. While you could probably jerry-rig some Intel/AMD coolers with some redneck engineering and elbow grease, do so at entirely your own risk.

Conclusion

I'm rarely this positive in reviews, but I have to say I love the Blackbird. Having such a capable, modern workstation that is entirely open source, without any dubious, unaudited firmware blobs anywhere in the system is something I deeply appreciate. We're in the middle of the war on general purpose computing, and it seems that every day we read the tech news, we learn of another consumer or user right that we seemingly give up without a fight to the likes of Apple, Google, Microsoft, Intel, and others.

The Blackbird, and its higher-end sibling the Talos II, is, as far as I know, the only fully open source alternative to the Intel and ARM machines that you lease, not buy. That you may use, not own.

That being said, the Blackbird has a number of problems, with the most obvious one being its price. The cost of admission to the front lines of this war is nothing to sneeze at, and it's entirely unreasonable to expect someone who worries about the state of computing to just shell out this kind of money. Most people's computing budgets - including my own, since our first kid is on the way! - simply do not have any room for $3000+ machines, and there's nothing wrong with appreciating a machine like this without being willing to spend the money to own one.

Still, the mere fact a fully open source machine like the Blackbird exists at all is astonishing. Here we have a fully capable, easy to use and modern computer that is fully open source and free of proprietary code, that is barely distinguishable from a proprietary firmware-ridden PC or, even worse, Mac. All I can hope for is that Raptor, its customers, and its suppliers like IBM, can somehow, perhaps slowly, manage to bring the price down, making truly Free hardware accessible to more and more people.

Also a laptop would be nice but you know, baby steps!

The Blackbird Secure Desktop is an excellent piece of hardware, and a machine the current abysmal state of the computing landscape desperately needs.

External Content
Source RSS or Atom Feed
Feed Location http://www.osnews.com/files/recent.xml
Feed Title OSnews
Feed Link https://www.osnews.com/
Reply 0 comments