Difference between revisions of "Desktop Roadmap"
Peter Easton (talk | contribs) |
Peter Easton (talk | contribs) |
||
Line 21: | Line 21: | ||
* Cryptsetup (dm-crypt) and verity in Petitboot for firmware-based full disk encryption? | * Cryptsetup (dm-crypt) and verity in Petitboot for firmware-based full disk encryption? | ||
* FreeCAD? (May or may not be upstreamed yet?) | * FreeCAD? (May or may not be upstreamed yet?) | ||
+ | * Maybe open up a discussion on the feasibility of allowing the changing of the default BMC password through the petitboot? Is this even possible? | ||
=Done= | =Done= |
Revision as of 15:18, 16 December 2018
This page is currently a very hasty list of the roadmap needed to make the Talos an "everyday common user's" machine.
For convenience, unfinished tasks have been grouped into three categories: "Urgently Needed", "Somewhat Needed", and "Would Be Nice" in descending order of importance.
"Urgently Needed"
- "Safe By Default" Randomly generated BMC Passphrase with password written down on a sheet of cardboard in the package.
Rationale: even some of our users have had trouble with this. The default insecure password with the BMC could result in an instant compromise of the machine and require full flashing of all persistent firmware components in the event the computer is accidentally plugged into the network and the power at the same time. This completely innocent mistake could be fatal and recovering from it difficult. The threat model of a randomly determined BMC Passphrase would be if the user accidentally plugs the computer into the untrusted internet against a passive adversary that will simply try the default passwords, similar to how the Mirai Botnet operated.
- "Talos II Beginner's Quick Start Guide" in Talos User's Manual
Rationale: nontechnical users may have difficulty with the complicated procedure to remotely access and set the BMC password from a trustworthy system.
- "Hole Pattern Template"
Rationale: A reusable cardboard or a fold-out paper template in the manual for seeing which standoffs to install and not to install would be really helpful to avoid the "scraped resistor" problem that have plagued a couple builders.
"Somewhat Needed"
- Firefox Just In Time Javascript (Segmentation Fault Error?)
- Thunderbird Stable (Segmentation Fault Error?)
- Tor Browser Bundle with safe configuration defaults
Would Be Nice
- "Easy Build" Script for building Unreal Tournament 4 for nontechnical users?
- Android Builder for building smartphone OSes?
- Cryptsetup (dm-crypt) and verity in Petitboot for firmware-based full disk encryption?
- FreeCAD? (May or may not be upstreamed yet?)
- Maybe open up a discussion on the feasibility of allowing the changing of the default BMC password through the petitboot? Is this even possible?
Done
- Chromium With Just In Time JavaScript
- Electron with Just In Time JavaScript
- AMDGPU Kernel DMA Patches (Possibly upstreamed?)
- Firefox Quantum running stably (Not upstreamed yet)
- Office Suite (LibreOffice, TeXStudio
- Libre Games (SuperTuxKart, Chromium BSU, Super Tux, Tux Racer, Blob Wars, Open Transit Tycoon, Open Roller Coaster Tycoon, etc)
- Unreal Tournament 4 Tested and working and demonstrated.
- OBS (Needs to be upstreamed?)