Talos™ is a state-of-the-art mainboard designed for the new IBM POWER8 architecture. It is the first and only high performance computer with absolutely no proprietary software or firmware blobs. With its ATX form factor, Talos™ brings a level of performance to the workstation realm usually found in dedicated servers and a level of freedom and user control long extinct in modern hardware. In addition to its onboard, open-toolchain FPGAs, Talos™ easily and tightly interfaces with GPUs, FPGAs, and custom hardware.
Talos™ competes with the highest-end mainstream (e.g., x86) computers available - Intel Xeon E5 and even E7 machines. Whether it’s AAA games, intensive CAD and modeling software, or machine learning algorithms for crunching huge datasets, Talos™ is well-equipped to handle the workload:
Talos’™ fully open firmware means there are absolutely no inscrutable binary blobs where bugs, backdoors, and vulnerabilities can hide. If you deal with sensitive information or you care about the safety of your intellectual property, Talos™ will dramatically reduce the risk of intrusion and theft with features like:
Say goodbye to the days of not being able to configure your system to your needs because of inaccessible firmware, schematics, or toolchains. With Talos™, you own the machine and can modify it to your heart’s content:
You can extend Talos’™ capabilities with hardware accelerators (e.g., FPGAs and GPUs) and with custom peripherals, using a wide array of interfaces:
|High-level overview of Talos™ mainboard components|
|A. 1 x PCI slot||G. 8 x DDR3 ECC DIMM slots|
|B. GPIO header||H. 6 x PCI Express slots|
|C. mPCIe slot||I. AST2400 BMC with HDMI video|
|D. 8 x 6 Gbps internal SATA||J. Integrated I/O|
|E. 2-port USB 3.0 header||K. 1x socketed POWER8 SCM|
|F. 2 x internal USB 3.0|
Talos™ is designed around IBM’s POWER8 architecture and line of processors. IBM has published a significant amount of detailed POWER8 design and software documentation:
Raptor Engineering (a partner of Raptor Computing Systems) is a member of the OpenPOWER Foundation, an open technical membership organization dedicated to the POWER architecture.
The x86 architecture, while ubiquitous in personal computing, suffers from irreparable security and lockdown issues. For example, the Intel Management Engine (ME) is a problem that’s been brewing for about ten years, even though the popular technology press has only recently started reporting on it. The Intel ME is present on all modern Intel processors and is essentially a backdoor with full access to the entire computer - a security disaster waiting to happen. Due to the deeply entrenched interests of current players (e.g., Intel and AMD), and the presumed jungle of legally binding contracts those interests have with their myriad partners, this situation will never improve and will only worsen.
The video below goes into detail about why Talos is a great alternative to x86. (This presentation was first given at the Coreboot conference and developer meeting in San Francisco, June 2016.)
AnandTech recently did an extensive comparison of IBM’s POWER8 processor with Intel’s Xeon E5. This quote from the conclusion highlights the strength of the POWER8 processor:
The POWER8 microarchitecture is clearly built to run at least two threads. On average, two threads gives a massive 43% performance boost, with further peaks of up to 84%. This is in sharp contrast with Intel’s SMT, which delivers a 18% performance boost with peaks of up to 32%. Taken further, SMT-4 on the POWER8 chip outright doubles its performance compared to single threaded situations in many of the SPEC CPU subtests.
All in all, the maximum throughput of one POWER8 core is about 43% faster than a similar Broadwell-based Xeon E5 v4. Considering that using more cores hardly ever results in perfect scaling, a POWER8 CPU should be able to keep up with a Xeon with 40 to 60% more cores.
Benchmarks and graphs in the remainder of this section are provided as-is for general reference only, and are copyright Raptor Engineering 2016.
Values are approximate and for illustration purposes only.
Where does Talos™ fit within the larger spectrum of general purpose computers? Talos™ is the only powerful, auditable machine available in a standard ATX workstation / server form factor. Nothing else comes close.
While certain ARM SoCs are relatively open and libre-friendly, their performance leaves much to be desired. Most of these ARM SoCs cannot even compete against x86 hardware from the late 2000s on a raw performance or performance per watt basis. However, they are inexpensive and in some cases suitable for light web browsing or other non-intensive tasks.
On the x86 end, all currently available hardware has been effectively "TiVoized" through vendor- and manufacturer-signed binaries, and can never be audited or modified by the machine owner. Multiple scandals have come to light over the past year involving the manufacturer abusing this position of power to install various forms of malware through a hostile firmware image. In many cases the only recourse was to stop using the computer entirely until the manufacturer released a new firmware version with the malware ostensibly removed. This tradeoff of inexpensive machines for loss of owner control over said machines is unacceptable for many users in the current age of diminishing privacy and increasingly damaging cyberattacks.
Even machines ostensibly built for security are impacted by this situation. For example, the ORWL listed in the table below may have excellent hardware security features, but the software and firmware stack running on its x86 processor is completely unauditable, has full machine control even after operating system launch, and may not be trustworthy. Why would a criminal even bother attacking such a machine physically when a remote wireless or Internet-based exploit would be not only more cost effective but virtually untraceable? Talos™ does not allow such malware or bugs to hide undetected in the most privileged and sensitive areas of your system, namely the firmware and kernel, nor does it ask you to give up modern, high-end general purpose compute performance in the name of security.
| ||RCS Talos™||Tyan TN71-BP012||ASUS KGPE-D16||Lenovo T400||SuperMicro X10SRL-F||ORWL||EOMA68-A20||ASUS C201|
|Form Factor||ATX Mainboard||2U Server||EATX Mainboard||Laptop||ATX Mainboard||Proprietary||PCMCIA||Laptop|
|CPU Package Count||1||1||2||1||1||1||1||1|
|Hardware Enforced Vendor Signatures on Firmware||NO||NO||NO||NO||YES||YES||NO||NO|
|Open Firmware Available||YES||PARTIAL||YES||YES||NO||PARTIAL||YES||YES|
|Hardware Schematics Available||YES||NO||NO||YES||NO||YES||YES||NO|
|Trusted Boot with TPM and Owner Provided CRTM||WIP||NO||YES||NO||NO||NO||NO||YES|
|Open FPGA/CPLD Toolchain||YES||NO||N/A||N/A||N/A||N/A||N/A||N/A|
|Raw GP Compute Performance||HIGH||HIGH||MODERATE||MODERATE||HIGH||LOW||VERY LOW||LOW|
|Fully Auditable Firmware||YES||NO||YES||YES||NO||NO||YES||YES|
| ||RCS Talos™||IBM S822LC||Tyan GN70-BP010||Tyan TN71-BP012||ASUS KGPE-D16||SuperMicro X10SRL-F|
|Form Factor||ATX Mainboard||2U Server||2U Server||2U Server||EATX Mainboard||ATX Mainboard|
|CPU Package Count||1||2||1||1||2||1|
|Hardware Enforced Vendor Signatures on Firmware||NO||NO||NO||NO||NO||YES|
|Open Firmware Available||YES||YES||YES||PARTIAL||YES||NO|
|Hardware Schematics Available||YES||PARTIAL||NO||NO||NO||NO|
|Trusted Boot with TPM and Owner Provided CRTM||WIP||WIP||WIP||NO||YES||NO|
|Open FPGA/CPLD Toolchain||YES||NO||NO||NO||N/A||N/A|
|Raw GP Compute Performance||HIGH||VERY HIGH||MODERATE||HIGH||MODERATE||HIGH|
|Fully Auditable Firmware||YES||YES||YES||NO||YES||NO|
All benchmarks were run on the actual hardware listed using Raptor Engineering’s modified version of the "bandwidth" utility. You can read a more detailed analysis of these benchmarks in our October 21, 2016 campaign update.
Hynix 16GB x4 ECC RDIMMs operating at DDR3 PC-12800 speeds were used to generate the following memory benchmarks.
All benchmarks were run on the actual hardware listed using stock LZ4 sources.
| ||POWER8 / Talos™ @ 3.32 GHz||Intel® Xeon® E3-1270 @ 3.5 GHz|
|LZ4 default||134217728 ->134744128 (100.4%), 6227.7 MB/s||134217728 ->134744128 (100.4%), 4848.7 MB/s||134217728 ->134744128 (100.4%), 1764.6 MB/s|
|LZ4 fast 17||134217728 ->134744128 (100.4%), 6246.4 MB/s||134217728 ->134744128 (100.4%), 4856.4 MB/s||134217728 ->134744128 (100.4%), 1803.0 MB/s|
|LZ4 HC||134217728 ->134742945 (100.4%), 44.4 MB/s||134217728 ->134742945 (100.4%), 49.1 MB/s||134217728 ->134742945 (100.4%), 20.3 MB/s|
| ||POWER8 / Talos™ @ 3.32 GHz||Intel® Xeon® E3-1270 @ 3.5 GHz|
|LZ4 default||51220480 -> 26441724 (51.62%), 430.3 MB/s||51220480 -> 26441724 (51.62%), 473.7 MB/s||51220480 -> 26441724 (51.62%), 251.7 MB/s|
|LZ4 fast 17||51220480 -> 34055649 (66.49%), 767.5 MB/s||51220480 -> 34055649 (66.49%), 861.0 MB/s||51220480 -> 34055649 (66.49%), 501.2 MB/s|
|LZ4 HC||51220480 -> 22113133 (43.17%), 35.0 MB/s||51220480 -> 22113133 (43.17%), 42.5 MB/s||51220480 -> 22113133 (43.17%), 24.8 MB/s|
All benchmarks were run on the actual hardware listed using stock multichase sources. Results are a measure of latency; lower is better.
WARNING: Validity of pingpong results is questionable at this time
| ||POWER8 / Talos™ @ 3.32 GHz||Intel® Xeon® E3-1270 @ 3.5 GHz||AMD® Opteron™ 6328 @ 3.2 GHz|
|multichase -m 256k -s 128 -t 16||3.367||4.143||7.406|
|multichase -m 1g -n 60||47.773||58.912||84.184|
|fairness (unrelaxed)||avg 419.4 sdev 17.4||avg 200.3 sdev 6.8||avg 817.3 sdev 273.3|
| ||avg 417.6 sdev 7.5||avg 200.4 sdev 5.1||avg 895.3 sdev 558.4|
| ||avg 418.9 sdev 16.4||avg 200.4 sdev 5.0||avg 939.5 sdev 522.3|
| ||avg 419.4 sdev 17.4||avg 200.5 sdev 5.1||avg 903.4 sdev 442.5|
| ||avg 419.3 sdev 17.2||avg 200.5 sdev 5.1||avg 947.4 sdev 576.6|
|fairness (relaxed)||avg 406.2 sdev 16.5||avg 206.8 sdev 59.4||avg 910.0 sdev 440.8|
| ||avg 406.2 sdev 16.2||avg 206.8 sdev 59.4||avg 911.0 sdev 458.7|
| ||avg 406.4 sdev 16.6||avg 206.7 sdev 59.3||avg 894.4 sdev 464.1|
| ||avg 406.3 sdev 16.6||avg 206.8 sdev 59.4||avg 967.1 sdev 614.1|
| ||avg 406.2 sdev 16.3||avg 206.8 sdev 59.4||avg 1495.6 sdev 2335.9|
|pingpong -u (best / worst)||83.9||25.4||42.8|
All benchmarks run on actual hardware listed using stock openssl sources.
| ||POWER8 / Talos™ @ 3.32 GHz||Intel® Xeon® E3-1270 @ 3.5 GHz|
|sha256 on 16 size blocks||11727614 sha256's in 2.99s||10914039 sha256's in 2.99s||6634242 sha256's in 3.00s|
|sha256 on 64 size blocks||6939319 sha256's in 2.99s||6155672 sha256's in 3.00s||3938033 sha256's in 3.00s|
|sha256 on 256 size blocks||3247902 sha256's in 3.00s||2632052 sha256's in 3.00s||1647055 sha256's in 3.00s|
|sha256 on 1024 size blocks||1044366 sha256's in 2.99s||812946 sha256's in 2.99s||500873 sha256's in 3.00s|
|sha256 on 8192 size blocks||142769 sha256's in 2.99s||108998 sha256's in 3.00s||66807 sha256's in 3.00s|
|aes-256 cbc on 16 size blocks||14710386 aes-256 cbc's in 2.99s||19541372 aes-256 cbc's in 3.00s||13043240 aes-256 cbc's in 3.00s|
|aes-256 cbc on 64 size blocks||3738862 aes-256 cbc's in 3.00s||5203385 aes-256 cbc's in 2.99s||3410443 aes-256 cbc's in 3.00s|
|aes-256 cbc on 256 size blocks||945467 aes-256 cbc's in 2.99s||1319633 aes-256 cbc's in 3.00s||872751 aes-256 cbc's in 3.00s|
|aes-256 cbc on 1024 size blocks||237015 aes-256 cbc's in 2.99s||331752 aes-256 cbc's in 3.00s||503286 aes-256 cbc's in 3.00s|
|aes-256 cbc on 8192 size blocks||29646 aes-256 cbc's in 3.00s||41550 aes-256 cbc's in 2.99s||64019 aes-256 cbc's in 2.99s|
|4096 bit private rsa||401 4096 bit private RSA's in 10.00s||1303 4096 bit private RSA's in 10.00s||771 4096 bit private RSA's in 10.00s|
|4096 bit public rsa||26460 4096 bit public RSA's in 9.98s||82121 4096 bit public RSA's in 9.98s||49485 4096 bit public RSA's in 9.99s|
|Version||OpenSSL 1.0.2e||OpenSSL 1.0.1f||OpenSSL 1.0.1k|
The following video illustrates a variety of x86_64 native binary applications running on a POWER8 machine using QEMU user mode translation. These applications are using the full 3D hardware capabilities of the host POWER8 machine, and have access to the host’s ALSA audio. Applications that primarily use scalar instructions perform quite well, while applications making heavy use of vector instructions experience lag and stuttering due to missing features in QEMU (see notes below). Multiple 3D games were used to demonstrate the feasibility of a non-native engine binary interfacing with the POWER8 host GPU. At the end of the video, several applications are re-launched using native ppc64el builds for a performance comparison.
The following video illustrates the power of Talos™ to accelerate game development. Talos™ allows you to keep your valuable assets and proprietary engine code safe and secure through full owner control, while outperforming similarly priced systems running on the x86 and ARM architectures. Talos’™ massive RAM and GPU bandwidth reduce both compile and asset cook times, which frees developers to focus on improving the design and gameplay of their next AAA title.
You’ll need the following components to build out a complete Talos™ system.
If you don’t already have one, you can add a POWER8 CPU to your order. We currently offer 8-, 10-, and 12-core options.
While a full RAM hardware compatibility list (HCL) is not yet available, we can recommend Hynix 16GB x4 ECC RDIMMs operating at DDR3 PC-12800 speeds.
Although an integrated display driver comes with the Talos™ mainboard, you can also install a discrete GPU of your choosing. We recommend any NVIDIA GK104-based card, which is a reasonably modern GPU that can be initialized by and used with the libre Nouveau driver. Should a discrete GPU be installed, the integrated display driver can either be safely disabled or used as a secondary display output, contingent on software support.
A good choice for an enclosure is the Super Micro Computer SC747TG-R1400B-SQ.
Our firmware and software development system for OpenPOWER uses a two-socket reference server from IBM codenamed "Firestone." This allows us to directly verify functionality, check performance, and develop / port new software to Talos™ machines even before Talos™ prototypes have been manufactured. The following images show our test setup.
Angled view of the internals of the Firestone server used for Talos™ prototyping
Top view of the internals of the Firestone server used for Talos™ prototyping
To configure Firestone emulation of Talos™, we pull all cards and disable the secondary CPU package, then we install two memory buffer cards on CP0 and add in PCIe cards containing the new peripherals present on Talos™. While the resultant configuration is not exactly the same as a Talos™ system, and in fact from a pure hardware perspective is quite different, from a performance and software view it is nearly indistinguishable. This configuration is what we use to patch the kernel, modify the OpenPOWER firmware, and gather benchmarks for the Talos™ machines.
We are in the process of converting the Talos™ designs into the requisite PCB layout. During this process, firmware development is occurring in parallel. Once these two processes are complete, initial bringup will commence, followed by full testing and requisite minor modifications before release for manufacture.
We have many years of experience in all aspects of electrical and software engineering, spanning board level layout through high level application development, without any gaps. As a result, we fully understand each and every part of our designs, the interactions between those parts, and are uniquely situated to handle large, complex projects requiring each component to mesh neatly with the surrounding components, whether those components be hardware, firmware, or software. Our design philosophy is to do it right the first time, and we take explicit steps to ensure that the resultant product will operate in a wide range of adverse conditions. For this particular project we also have the backing of our major silicon vendors, who are willing to work with us to ensure that their devices are used correctly and to their maximum potential.
What could go wrong?
With a project of this complexity, there are numerous potential failure points. Raptor Engineering has significant experience in board level design and system bringup, so we have anticipated and handled the most likely points of failure. That being said, certain unknowns still remain:
Crowd Supply can accept a wide array of payment options, though credit card is the easiest way to place an order.
Because this is a crowdfunding campaign, any order you place for a Talos™ system using a credit card will not actually be charged until the campaign reaches the funding goal ($3.7M USD). If we don’t reach that goal, no credit cards will be charged and orders paid by means other than credit card will be refunded.
For some product options, you will need to add a POWER8 processor as a separate line item to your order (or order it separately later). These processors are in "pre-order" mode, which means you will be charged for them right away. However, if the campaign does not meet the funding goal, all pre-orders of POWER8 CPUs will be fully refunded.
Unfortunately, the answer to that question is a little complicated. Basically, it has to do with the complexities of crowdfunding and ensuring that we’re doing all we can to protect backers. Generally speaking, the CPUs are offered separately from the mainboards in order to ensure that the campaign’s funding goal is accurate. While the funding goal is a dollar amount ($3.7M), it is based on a minimum order quantity (MOQ) of Talos mainboards, 900 units. The problem is that basing a campaign on an MOQ is impractical for a number of reasons. For example, backers are unaccustomed to such campaigns, there’s no way to account for support-only pledges, and different components that go into the product can have different MOQs.
Given this reality, the wide price range of CPUs (from $0 if a CPU isn’t wanted, up to $3350 for a 12-core CPU) means it would be basically impossible to accurately or meaningfully set a funding goal. For example, if no one bought a CPU, the goal would be 900 x $4100 = $3.7M. On the other hand, if everyone bought a 12-core CPU, then the funding goal would need to be 900 x ($4100 + $3350) = $6.7M. Because we can’t possibly predict the demand for each CPU, we therefore need to sell them separately from the mainboards.
You’ll also note that the CPUs are sold in "pre-order" mode as opposed to "crowdfunding" mode, which means your card is charged as soon as the order is placed. That’s because, unlike the mainboards, there is no strict MOQ to meet before they can be manufactured. As with all pre-orders on Crowd Supply, you can cancel and get a full refund at any time. As we note on the CPU page, if the Talos campaign fails to meet its funding goal, all CPU orders will be promptly canceled and refunded in full.
On one hand, this is all a little cumbersome and confusing. On the other hand, it allows you to spread out the cost of purchase over a longer time by giving you the option of purchasing the CPU later. The bottom line is that these processes are in place to best protect backers while maximizing the potential for a successful campaign.
"Whereas all modern x86 systems are encumbered by proprietary firmware and software, such as Intel's Management Engine and Active Management Technology (AMT), the POWER 8 architecture is able to run an entirely free software boot system."
"In order to nonetheless be able to use powerful modern hardware with free firmware, the company Raptor Engineering offers, with its Talos workstations, computers based on the free Power8 architecture."
"Fans of alternative CPU architectures haven’t had it easy the past few decades. Intel and AMD collectively own the desktop, laptop, workstation, and nearly all of the server markets... A new crowdfunding project seeks to change that..."
"An interesting new crowdfunding project has been launched that promises a mainboard in the classic ATX PC format, though one intended not for x86 processors but for IBM Power8."
"There was a time when businesses, and even consumers, could choose something other than an x86 processor for their PCs and servers. Raptor is trying to return to that era by offering a motherboard for the Power8 processor."
"We're bringing open Power architecture to the workstation and high-end desktop level." (Podcast)
"Those concerned about the secretive firmware Intel and AMD bake into their CPUs and chipsets really have no alternative using modern hardware."
"...promising us new, better, more open and more free systems on which to build our information age."
"[Talos'] target market is anyone dealing with valuable data... they want better visibility over what is happening inside their hardware. The ability to audit firmware means that vendors, hackers and even intelligence agencies cannot hide code."
"Speaking in terms of power (excuse the pun), the POWER8 processors are very competitive with Intel's Xeon series of server processors."
Produced by Raptor Computing Systems in Austin, TX.
Sold and shipped by Crowd Supply.
Thanks for helping make Talos™ a reality! You will be rewarded with good karma and regular backer updates. Help grow the ecosystem and expand freedom!
Thanks for helping make Talos™ a reality! You will be rewarded with good karma, regular backer updates, and 6 months of SSH access to a dedicated POWER8 virtual machine. Help grow the ecosystem and give POWER8 a try when you support Talos™!
Thanks for helping make Talos™ a reality! You will be rewarded with good karma, regular backer updates, and 12 months of SSH access to a dedicated POWER8 virtual machine. You will even be able to download your complete VM image to a new Talos™ system to seamlessly continue your work on POWER8. Help grow the ecosystem and give POWER8 a try when you support Talos™!
The world's first ATX-compatible, workstation-class mainboard for the new, free-software friendly IBM POWER8 processor. Includes one heatsink and 92 mm fan, one ATX-compatible I/O shield, and a live rescue DVD with factory reset utilities, source code for firmware and FPGA components, mainboard schematics, user manual, and Ubuntu installation media. CPU, RAM, power supply, storage drives, and chassis sold separately.
A complete Talos™ workstation with a CPU of your choice, 128 GB of DDR3 ECC RAM, an AMD Radeon RX 480 (8 GB VRAM) GPU, and two Western Digital WD40EFRX 4 TB SATA drives, all installed in a heavy-duty tower chassis. Comes pre-installed with Debian. Select the CPU by purchasing it as a separate item in the same order or under the same account - the CPU will be installed and ready to go before shipping.
A complete Talos™ server with a CPU of your choice, 128 GB of DDR3 ECC RAM, LSI SAS controller, and two Western Digital 4 TB SAS drives, all installed in a heavy-duty 4U rack mount chassis with 24 3.5" hot swap SAS drive bays and redundant 1200 W power supplies! Comes pre-installed with either Debian or CentOS. Select the CPU by purchasing it as a separate item in the same order or under the same account - the CPU will be installed and ready to go before shipping.
A complete 12-core Talos™ workstation with 256GB of DDR3 ECC RAM, installed in a customized, heavy-duty chassis with your choice of an AMD® FirePro™ or nVidia® Tesla™ graphics card (see list). Also includes built-in 4TB RAID1 (2x 4TB enterprise SAS disks and LSI SAS controller), plus a pre-installed copy of Debian or CentOS to get you up and running in no time!
Austin, TX · raptorcs.com
Raptor Computing Systems was the first vendor to come to market with POWER9, and will be the only source for POWER9 machines in this market segment for the foreseeable future. We are the only vendor to offer a full lineup of whitebox-type parts and accessories for POWER9, and are the only vendor to offer a fully libre firmware and hardware solution. Furthermore, we are not just shipping a stock reference design, like other vendors did with POWER8; rather, Talos™ II contains numerous unique features that increase usability, promote openness, and boost system security. Talos™ II is truly one of a kind and is additionally protected against unauthorized hardware clones by patents and/or patents pending, so if you want the benefits of a truly open POWER9 system, be sure to get your Talos™ II today!