Not all x86

Questions & Discussion about the right Hardware to run IPFire on
Post Reply
rodneyp
Posts: 149
Joined: October 4th, 2010, 2:17 am
Location: Australia

Not all x86

Post by rodneyp » February 26th, 2018, 4:38 am

https://wiki.ipfire.org/hardware/start

still states:

"Basically any x86 based system (with AMD or Intel processor) works very well with IPFire."

Changes to IPFire in recent years result in that statement being less reliable. BIOS upgrades, that might fix the issue, are often no longer available for many older PC.

This potentially deters people from adopting IPFire. Myself and other IPFire users in my computer user group got started with IPFire/IPCop using a discarded PC. That is a "nothing to lose" scenario, particularly for home users.

I suggest that the above statement on the wiki be amended and expanded:

"Most x86 based systems (with AMD or Intel processor) work very well with IPFire.

A minority of PC have unsuitable BIOS parameters set, the most troublesome being "hard drive access mode" for IDE/SATA devices. Depending on the options available, set whatever combination would result in:
CHS DISABLED
LBA ENABLED
Large DISABLED
(if none of the above available, then set AUTO)

If IPFire will not install, or the installation completes, but the machine will not boot to IPFire then try running from a a USB key:

https://wiki.ipfire.org/installation/wr ... lash-image

It should boot and run on virtually any PC that is not in UEFI boot mode, be fully functional and faciliate evaluation of IPFire. However, different PC hardware would be required in order to run IPFire from an internal drive."

User avatar
MichaelTremer
Core Developer
Core Developer
Posts: 5799
Joined: August 11th, 2005, 9:02 am

Re: Not all x86

Post by MichaelTremer » February 26th, 2018, 1:00 pm

Hello,

basically I have to agree with you. We do not support (U)EFI at the moment. That is stated in various places, but not in the hardware section. I will add a sentence and hope that this does not confuse people and let the move away from using IPFire.

Still, most systems are fine. It just seems at the moment that the very cheap new Atom series is often put on boards that do not come with CSM and therefore IPFire won't run. We have tried to raise money for this a few times, but there seems to be little to no interest in funding this work - I think one of the main reason here is that people are looking for a cheap solution. Server systems all support the standard BIOS mode and people who use IPFire in bigger environments don't have that problem at all.

There is a number of reference hardware I recommend taking a look at before making any purchase: https://wiki.ipfire.org/hardware/fountainnetworks/start, https://wiki.ipfire.org/hardware/lightn ... labs/start
Support the project with our Donation Challenge!

Get Commercial Support for IPFire and more from Lightning Wire Labs!

Image

rodneyp
Posts: 149
Joined: October 4th, 2010, 2:17 am
Location: Australia

Re: Not all x86

Post by rodneyp » February 27th, 2018, 3:56 am

I am concerned mainly about potential "trial-horse" machines. I have two mainboards from the "dual-core" era that default to "CHS" and several others from the same era that offer a choice for access mode of only "auto" or "large", where auto assigns as "CHS", in practice. Those in the latter group boot IPFire only after painstaking manual realignment of partitions to start on "cylinder" boundaries and that would be beyond most intending IPFire users. I've tried a couple with the USB key, from which they boot & run OK.

The Fountain networks IpFire Duo Box does look a good reference but shipping costs generally make items from Europe or North America unafordable to my location (Australis). Other posters have reported Qotom boxes working and I have a Supox A8 ITX board that works fine as a desktop and looks like all parameters would suit IPFire, although without hardware RNG.

User avatar
MichaelTremer
Core Developer
Core Developer
Posts: 5799
Joined: August 11th, 2005, 9:02 am

Re: Not all x86

Post by MichaelTremer » February 27th, 2018, 9:27 am

rodneyp wrote:
February 27th, 2018, 3:56 am
I am concerned mainly about potential "trial-horse" machines. I have two mainboards from the "dual-core" era that default to "CHS" and several others from the same era that offer a choice for access mode of only "auto" or "large", where auto assigns as "CHS", in practice. Those in the latter group boot IPFire only after painstaking manual realignment of partitions to start on "cylinder" boundaries and that would be beyond most intending IPFire users. I've tried a couple with the USB key, from which they boot & run OK.
I am not sure why this is troubling you. Since the 90s, I do not remember that I ever needed to change anything there. Do you maybe have a BIOS bug there or just incompatible disks for some reason?
rodneyp wrote:
February 27th, 2018, 3:56 am
The Fountain networks IpFire Duo Box does look a good reference but shipping costs generally make items from Europe or North America unafordable to my location (Australis). Other posters have reported Qotom boxes working and I have a Supox A8 ITX board that works fine as a desktop and looks like all parameters would suit IPFire, although without hardware RNG.
Shipping costs are 5€ worldwide. That shouldn't be an issue for anyone.

I wouldn't say that a HWRNG is a must, but there are a few USB devices out there that should do the job for very cheap money.
Support the project with our Donation Challenge!

Get Commercial Support for IPFire and more from Lightning Wire Labs!

Image

dnl
Posts: 375
Joined: June 28th, 2013, 11:03 am

Re: Not all x86

Post by dnl » March 3rd, 2018, 5:53 am

rodneyp wrote:
February 27th, 2018, 3:56 am
The Fountain networks IpFire Duo Box does look a good reference but shipping costs generally make items from Europe or North America unafordable to my location (Australis). Other posters have reported Qotom boxes working and I have a Supox A8 ITX board that works fine as a desktop and looks like all parameters would suit IPFire, although without hardware RNG.
I donate a small amount to this project every month through paypal. I really want to support the core developers like Michael by purchasing a Duo box, but I just feel it could be better value.

As I also want 3 physical ethernet ports (my BLUE is a multi-AP Ubiquiti solution now) and would prefer a more powerful CPU (I use Snort and a number of resource-heavy IPFire features) I've been considering a Qotom fanless i3 Mini PCs for some time now.
In fact if it wasn't for the Meltdown/Spectre vulnerability mess and the age of CPU models which Qotom sell I would have bought one by now! (I believe the i3-4005U CPUs they sell have the "Intel Secure Key" Hardware RNG feature).

It is my understanding that a hardware random generator is only really of value in IPFire if you use a VPN. Could anyone please confirm?
IPFire 2.x (Latest Update) on x86_64 Intel Bay Trail CPU, 4GiB RAM, RED + GREEN + BLUE + ORANGE

User avatar
MichaelTremer
Core Developer
Core Developer
Posts: 5799
Joined: August 11th, 2005, 9:02 am

Re: Not all x86

Post by MichaelTremer » March 5th, 2018, 3:30 pm

dnl wrote:
March 3rd, 2018, 5:53 am
rodneyp wrote:
February 27th, 2018, 3:56 am
The Fountain networks IpFire Duo Box does look a good reference but shipping costs generally make items from Europe or North America unafordable to my location (Australis). Other posters have reported Qotom boxes working and I have a Supox A8 ITX board that works fine as a desktop and looks like all parameters would suit IPFire, although without hardware RNG.
I donate a small amount to this project every month through paypal. I really want to support the core developers like Michael by purchasing a Duo box, but I just feel it could be better value.

As I also want 3 physical ethernet ports (my BLUE is a multi-AP Ubiquiti solution now) and would prefer a more powerful CPU (I use Snort and a number of resource-heavy IPFire features) I've been considering a Qotom fanless i3 Mini PCs for some time now.
In fact if it wasn't for the Meltdown/Spectre vulnerability mess and the age of CPU models which Qotom sell I would have bought one by now! (I believe the i3-4005U CPUs they sell have the "Intel Secure Key" Hardware RNG feature).

It is my understanding that a hardware random generator is only really of value in IPFire if you use a VPN. Could anyone please confirm?
Hi,

well so if you need three NICs, then the Duo Box is obviously not the right one for you. There is the Eco series which has four and a lot more power, but cost more since those are active NICs and all the other good features about it.

The best way to support the project is to donate. Ideally on a regular basis :) Thank you for that!

But finally I want to say that CPU power of the Duo Box is really really fast. There are faster appliances out there, but for the size and power consumption this one is a really good package, because it does not come with the standard Atom CPUs which have become designed for something else. There is a proper processor in it that delivers amazing single-core performance.

And regarding Spectre/Meltdown: Pretty much everything is affected, so finding a CPU that isn't at all is probably quite hard.

And finally: An RNG can help, but I wouldn't call them a necessity even for VPNs.

-Michael
Support the project with our Donation Challenge!

Get Commercial Support for IPFire and more from Lightning Wire Labs!

Image

Post Reply