Forget x86; OpenPower is it! Talos II Secure Workstation!

**A Deep Dive into the Power 9: Unpacking its Open and Secure Architecture**

Now, there are some blobs (binary large objects), so some black-box code, here around the boot code for the graphics card. There are also some binary blobs in the NVMe controller, so it's not totally open, but it's as close as you can get, and, you know, it's gonna be hard to compromise through those things. The USB ports are a little limited: I've got two USB 2 ports on the front; at the rear I/O we've got RS-232 serial, two USB 3, your VGA port, and two NICs. Both are accessible by the operating system, but one of these is for the remote management. You do also have a lot of PCI Express slots, so if not enough USB ports is the thing that you would complain about, you can do that through an add-in card. Like the audio: the audio is not onboard; that's also in an add-in card.

This system, the Power 9, is probably the most open and secure machine that I've ever used, so if you don't want the sound card, or if your sound card has a binary blob, just use a USB sound card. Now, you might be thinking, "Wait, what about RISC-V?" Well, that's the crazy levels of openness and no IBM, sure, but I'm not really sure that the ancient evil spirits of IBM are really a thing anymore. RISC-V really is attractive to a lot of people for a lot of reasons, including the openness. The fact is, though, the performance isn't there yet on RISC-V. If you want to do real work with a lot of horsepower, securely, this is your system.

If you're looking to move away from x86 and that whole performance management thing, that is a little bit of a rabbit hole, I gotta admit. This video is already kind of dragging on. There's a lot of great resources on the Level1 forum, and you can learn more about the performance and the gotchas and the quirks and all the fun accoutrements that go with Power 9. It is still a little bit of an adventure to use as a daily driver. I can say, using a system over the last several months, that it has been an interesting and rewarding experience. Software support can be rough around the edges, but it has improved at an incredibly impressive pace.

I mean, clearly they're getting these machines into the hands of the right software developers, because just about everything that I would complain about has been fixed. For example, Firefox would only compile on the architecture; it ran pretty well, but Chromium recently also started working, which has a much faster JavaScript engine. Kubernetes seems like it's pretty much working at this point, sort of, kinda. These machines are being used for Unreal game development and even high-end video production.

So there's a lot of really cool projects that the Raptor Computing folks have put together. This machine was the first desktop computer with PCI Express 4. Yes, Raptor Computing beat AMD to the punch on PCI Express 4 on the desktop, though I think Raptor Computing can probably thank AMD for bringing to life PCI Express 4 SSDs. You can actually buy these on the market now, and yes, they work great in here.

So, final verdict: if you value freedom, as in speech, and openness, this is a good base for a fast and powerful workstation. If the dual-socket configuration is a little bit too rich for your blood, check out the Blackbird, also from Raptor Computing. It's a more affordable desktop-class, as opposed to workstation-class, machine, and it's still built around the Power architecture, so it's actually pretty fast.

You get the 8-core, for example; I think that's a pretty good desktop system. This system demonstrates that Power is far from a decrepit ISA, and it's probably going to go on living forever. I mean, there's OpenCAPI and there's other interfaces here, and the firmware chips are removable, and we could go on for hours and hours and hours. If you want to meet one of the people behind Raptor Computing, or learn a little bit more about the platform, check out the video we did a couple of months ago.

We did an interview with one of the Raptor Computing guys. It was a lot of fun; hopefully we'll get to do something like that again. You really should go to the OpenPOWER Summit this year. There's gonna be an announcement. I can't tell you what, I know what, but it's sort of an open secret in the industry at this point. You should go if you're interested in the Power architecture, because it's gonna be bananas. That's all I can say.

**About the Author**

Wendell is a well-known figure in the technology community, particularly when it comes to in-depth analysis and interviews with innovative minds in the tech world. He has been instrumental in bringing attention to various projects and companies that focus on innovation, security, and freedom.

I have the Power... 9. Power 9, meet Mumm-Ra. Yes, Mumm-Ra. Yeah, I know, I know, it's the wrong franchise, but really, that joke's clever on so many levels, because, well, this is PowerPC. I mean, remember the Power Mac G5? This is the Power 9 from IBM. It's not x86; it's a completely different microarchitecture. But the Power 9 has been completely transformed by Raptor Computing into the freest, most open, actually usable desktop computer that you can get right now, pretty much. This is the Talos II. It really is, I think, the freest computer that I've ever used, and probably one of the most secure. There's no closed management engine, as with Intel's Management Engine or AMD's Platform Security Processor. And the company that built it, Raptor Computing? Well, I mean, raptors. What's not to love about raptors?

This is the computer for people that have read and understood the full gravity of Ken Thompson's paper "Reflections on Trusting Trust," which, by the way, if you haven't seen that paper or read it, you should definitely go read it now, and then marvel at the fact that it was written in 1984. It's completely open: the schematics, the firmware, socketed everything. Everything is yours to download and modify however you see fit.

Now, I mentioned Power 9. That's still an IBM CPU. IBM will license you the full designs and specs if you want. You can open it, inspect it, take a look at it, make sure IBM hasn't stuck anything in there. Raptor Computing, the makers of the Talos II and members of the OpenPOWER Foundation, have done just that with the IBM Power 9 CPU. I mean, it's used in a lot of government applications by governments across the world, so that's had a lot of eyes on it.

All modern desktop computers are, you know, a computer within a computer. So look, I've got my Dell here, my trusty Dell workstation. Yeah, it's a little old, but it works for this demonstration. I plugged in power. Literally the only thing going on here is power. Look at that: you see those green blinky lights? The green blinky lights of evil. Yeah, it just phoned home to Skynet; that's what it's doing. Look at the front: there's no power light, there's no indication that anything is on here, the fans aren't spinning. That is the remote management platform built into this relatively ordinary Dell machine from a long time ago. There's a binary blob from Intel that runs that, and it's had security issues in the past. It's had four-alarm and five-alarm security issues, where system administrators have had to endure a fire drill where they update all their machines across the enterprise because some vulnerability was discovered in that management engine that would let the bad guys take over their computers. And this is taking over at a very, very low level, below the operating system, in the management firmware. With, you know, a paper like "Reflections on Trusting Trust," the bad guys could get in here and you would be really hard pressed to get them out.

It's what a lot of governments are afraid of. But, you know, in terms of nation-state warfare, in terms of one country wanting to mess with another country's citizens, that's the world we live in now. That should scare you, because that's a very real possibility, a very real computing possibility, if there's a flaw in the underlying firmware.

Now, pretty much all modern computers have that computer within a computer for management and remote control, and, believe it or not, a lot of enterprise customers actually want that. If somebody screws up their operating system, how are you gonna reinstall it remotely? You can do those kinds of things in the enterprise. Even if you've got a motherboard that doesn't have, like, the Intel vPro feature, the features are still there in the firmware, so you never know. And, I mean, Intel's security track record is at best remedial at this point.

So, the code for things like initializing the system bus and handshaking with the memory, etc. I mean, if you're a tinkerer and you've gone into the BIOS or UEFI: that code that makes the network light come on lives even below that, and that's how you go from power-on to actually getting into the UEFI to do stuff. That software, very little, bridges the gap. Are you sure that your firmware does not contain a backdoor? Well, remembering the lessons from "Reflections on Trusting Trust," it's hard to be sure.

So everything is on GitHub from Raptor Computing. You can inspect it, you can kick the tires, you can look at it and try before you buy; at least, that's the philosophy here. With the Talos II, it is actually possible to verify that just about all the parts of the computer are as intended, including that low-level firmware. You can even create and cryptographically sign your own. The point of these computers from Raptor Computing is that you can be secure.

And our particular system here is a dual-socket thing. I mean, the second-biggest selling point, past the security aspect, is that this is a powerful Linux workstation. It genuinely is a powerful computer. Our config here is a relatively weak-sauce dual four-core, but Phoronix has got full benchmarks all the way up to 22 cores per socket, if you want to check those out. That is a really high-performance workstation.

So what do you do if you've got this machine and you wanna get it up and running? Quick, out of the box, you'd think, right? But no, you've got to go through the wiki. I can kind of quickly walk you through it, but you're in for an adventure.

The first step is to change the BMC password. That's the baseband management controller. That's kind of like the PSP and the Intel Management Engine, but it's more open and flexible, and you can get to it through SSH or serial. That gives you a remote shell to manage the machine, to power it on, to do stuff with it. Now, the first thing that you're going to want to do when you get into the BMC is change the password to something secure. So you don't want to plug this into an insecure network; you want to use a crossover network cable to another machine that you trust. Locking it down this way locks it down at a low level, so that you can verify the firmware and make sure that somebody doesn't do something bad.

Next, you can decide if you want to use the onboard VGA or the onboard serial port for your console. My system was defaulted to the serial port, which took me some time to figure out, and I'd suggest you keep it that way, as a lot of the PowerPC 64 LE installers for various distros seem to really expect you to be installing over that serial port and not VGA. So that's fine.

Once you do that, you're gonna need to plug the system into a trusted network, connect via SSH to OpenBMC with the default password, and set the password. So it's critical that you don't plug the system into an untrusted network, like I was saying, because somebody else might see your system and connect to it, and that kind of thing. I mean, probably not, but it never hurts, if you're buying this machine for that level of paranoia.

Just so you know, installing the OS can be tricky as well, at least in my experience. I had the best luck with Fedora and Red Hat/CentOS. I mean, Power 9, IBM, the IBM acquisition, go figure. Second-best luck: Debian. It's also possible to install Alpine and a lot of other distros, if you're into that kind of thing; basically anything supporting ppc64le, but with varying levels of adventure. Like, you might have to image it and then boot off of it, or the installer might work, or the installer might be a little weird.

I did have trouble accessing the onboard VGA for the purposes of installation, and I found the Red Hat server install that made use of VNC to be the most effective. Of course, the text-mode installer via the serial console is also viable. You can switch to a workstation install after the install is complete, so even though you're not technically using the workstation installer, you can install the workstation stuff after the fact.

And I do want to note that the Raptor wiki doesn't really mention anything about the actual OS installation in its procedures, but it does have procedures for compiling the firmware and making sure that your firmware is secure and the MD5 sum matches and that sort of thing. So you can download the source and compile your own, or you can download the pre-compiled firmware if you want.

Now, as you might imagine, the computer within a computer actually has a lot of moving parts. That's normal; that's just how these computers are these days. So there's a lot of firmware layers, even beyond the firmware that Raptor Computing provides. There's add-in cards. Mine came with an AMD WX 7100 graphics card. This is the same pro-level graphics card that I reviewed last year. It's the most open high-performance GPU that you can get, pretty much.

Now, there are some blobs (binary large objects), so some black-box code, here around the boot code for the graphics card. There are also some binary blobs in the NVMe controller, so it's not totally open, but it's as close as you can get, and, you know, it's gonna be hard to compromise through those things.

The USB ports are a little limited: I've got two USB 2 ports on the front; at the rear I/O we've got RS-232 serial, two USB 3, your VGA port, and two NICs. Both are accessible by the operating system, but one of these is for the remote management. You do also have a lot of PCI Express slots, so if not enough USB ports is the thing that you would complain about, you can do that through an add-in card. Like the audio: the audio is not onboard; that's also in an add-in card. This, like I say, is probably the most open and secure machine that I've ever used, so if you don't want the sound card, or if your sound card has a binary blob, just use a USB sound card. I don't know.

Now, you might be thinking, "Wait, what about RISC-V?" Well, that's the crazy levels of openness and no IBM, sure, but I'm not really sure that the ancient evil spirits of IBM are really a thing anymore. RISC-V really is attractive to a lot of people for a lot of reasons, including the openness. The fact is, though, the performance isn't there yet on RISC-V. If you want to do real work with a lot of horsepower, securely, this is your system.

If I've piqued your interest about Power and moving away from x86 and that whole performance management thing, that is a little bit of a rabbit hole, I gotta admit. I mean, this video is already kind of dragging on. There's a lot of great resources on the Level1 forum, and you can learn more about the performance and the gotchas and the quirks and all the fun accoutrements that go with Power 9. It is still a little bit of an adventure to use as a daily driver. I can say, using a system over the last several months, that it has been an interesting and rewarding experience. Software support can be rough around the edges, but it has improved at an incredibly impressive pace.

I mean, clearly they're getting these machines into the hands of the right software developers, because just about everything that I would complain about has been fixed. I mean, for the last six months it was like, "Oh yeah, what about this?" and they say, "Oh, that's working now." For a while, for example, Firefox would only compile on the architecture; it ran pretty well, but Chromium recently also started working, which has a much faster JavaScript engine. Kubernetes seems like it's pretty much working at this point, sort of, kinda. These machines are being used for Unreal game development and even high-end video production.

So there's a lot of really cool projects that the Raptor Computing folks have put together. This machine was the first desktop computer with PCI Express 4. Yes, Raptor Computing beat AMD to the punch on PCI Express 4 on the desktop, though I think Raptor Computing can probably thank AMD for bringing to life PCI Express 4 SSDs. You can actually buy these on the market now, and yes, they work great in here.

So, final verdict: if you value freedom, as in speech, and openness, this is a good base for a fast and powerful workstation. If the dual-socket configuration is a little bit too rich for your blood, check out the Blackbird, also from Raptor Computing. It's a more affordable desktop-class, as opposed to workstation-class, machine, and it's still built around the Power architecture, so it's actually pretty fast. You get the 8-core, for example; I think that's a pretty good desktop system.

This system demonstrates that Power is far from a decrepit ISA, and it's probably going to go on living forever. I mean, there's OpenCAPI and there's other interfaces here, and the firmware chips are removable, and we could go on for hours and hours and hours. If you want to meet one of the people behind Raptor Computing, or learn a little bit more about the platform, check out the video we did a couple of months ago. We did an interview with one of the Raptor Computing guys. It was a lot of fun; hopefully we'll get to do something like that again.

You really should go to the OpenPOWER Summit this year. There's gonna be an announcement. I can't tell you what, I know what, but it's sort of an open secret in the industry at this point. You should go if you're interested in the Power architecture, because it's gonna be bananas. That's all I can say. I'm Wendell, this is Level1, I'm signing out, and I'll see you later.