I want to buy an MNT Reform. How do I do that?

I encountered the MNT Reform earlier this year. I’m looking for a secure enclave: a laptop where I can store all my data and passwords and encrypted files safely.

Correct me if I’m wrong, I hear that the MNT Reform 2.0 is nearly completely free software, with a couple of minor binary blobs (What are they?). Because the hardware is ARM-based, it doesn’t have Intel’s ME or AMD’s PSP. (Are there any known backdoors?) It’s also much cheaper than most competing products, like the Raptor Blackbird. I’ve also read that there are hardware upgrades being proposed.

The only problem is that it isn’t available in the shop. And there are no posted plans anywhere on when they’ll be sold again.

I need a new secure enclave soon. Does anyone know when the next batch of MNT Reforms is shipping?

If it isn’t going to ship soon, can you guys recommend an alternative? Older Intel laptops (RYF-type stuff) are too old and probably have hardware-level vulnerabilities like Spectre. The Raptor Blackbird isn’t portable and costs US $3,000.

Hi! MNT Reform is currently available for preorder through Crowd Supply: https://www.crowdsupply.com/mnt/reform

Orders will start at some point soon via the MNT Research online store: https://shop.mntre.com/

December. That’s further out than I had hoped.

Which version of the Reform is it? The one with Cortex-A15 (?) or the proposed Cortex-A72 (?).

Here’s the description from the handbook:

MNT Reform release 1 ships with the Boundary Devices Nitrogen8M_SOM CPU module, which features an NXP i.MX8MQ SoC with 4x Cortex-A53 cores clocked at 1.5GHz, Vivante GC7000L GPU, 4GB LPDDR4 memory and 16GB eMMC flash storage.

AFAIK there’s only one blob required to use the system. It’s the DDR4 training blob that is run once at boot as part of memory initialization. It’s not signed though so it could be reverse engineered and re-implemented if someone gets the motivation.

The other blob is optional and it’s for the HDMI output which you can enable by changing the DTB loaded at boot. That one is signed so re-writing would be a bit more difficult, but it can also just be ignored if the external HDMI is not needed.

Security is all going to be relative to your threat model. Do you want openness? Or maximum security? There’s no TPM chip or any secure boot, if that’s what you desire (attempting to prevent evil maid type attacks).

Even the ARM Cortex A53, which does not have out-of-order execution like the newer A72 and such, can still be vulnerable to Spectre-like attacks (https://arxiv.org/pdf/2007.06865.pdf). The Raptor Blackbird you mentioned is also vulnerable to Spectre/Meltdown; POWER9 isn’t immune there: “The Speculative Execution Impact For A 4-Core POWER9 Blackbird Desktop” (Phoronix).

In terms of upgradability, the CPU module is a removable module on a DIMM connector. It currently is a quad-core Cortex A53, as ruff mentioned above, with possible upgrades being a dual-core A72, an FPGA-based module, and whatever comes up down the line.

Chartreuse, thanks for the rundown.

I’m not on the run from government agents, but I’m essentially looking for a computer without a software/hardware backdoor for obvious reasons. I’d like an open version of secure boot, but I don’t need it. I just want to connect to the internet without some government or criminal organization being able to gain unauthorized access to my device via something like Intel’s ME or AMD’s platform security processor. Intel and AMD don’t produce any such chips, but ARM does, which is why I wanted an MNT Reform.

I know that Spectre and Meltdown style attacks are possible, but I don’t think the Cortex A53 has been shown vulnerable to it, has it?

In the forum, there was a discussion that suggested the next batch of MNT Reforms might be using the A72. Does anyone know why this isn’t the case? Has it just been postponed?

This Twitter thread might have some answers for you:

Thanks CliffyA. They got the Cortex A72 board working back in June. And lukas said they’d have the MNT Reforms based on the new board out in less than a year.

Does that mean the December 9 batch will be based on Cortex A72? Is the current notice on Crowd Supply that says the next batch will use A53 Cortex just a placeholder? Or does no one know whether the Cortex A72 Reforms will be ready by December?

It’s been almost three months since there was word about this matter. I hope someone official can soon post a reply, because I’d like clarification before putting down 1000 dollars.

I’d expect modifying outstanding orders to instead ship with the LS1028A SOM would be a logistical headache. It is safe to presume that if you order a Reform from CS today, you’ll be getting a device powered by the Nitrogen8M SOM.

As for waiting for alternative configurations on CS or the MNT shop, this may provide an estimate for when such an option may become available:

Just a note: whether a future batch of Reforms ships with A53s or A72s (or RISC-V, etc.), the beauty is that the CPU is end-user swappable; it is an SoM daughterboard. If the A72 is unsuitable (maybe it supports OoO execution and is thus susceptible to certain attacks, I can’t remember if that applies here), no worries, just install an appropriate SoM. The SoMs should be pretty affordable.

I know that Spectre and Meltdown style attacks are possible, but I don’t think the Cortex A53 has been shown vulnerable to

The paper I linked shows Spectre-esque attacks on the A53, specifically in that case a Raspberry Pi 3. It’s not quite as full-blown, but some attacks are possible. Definitely better than, say, an Intel x86-64 processor, and clearly nothing critical enough that mitigations are being applied currently by the Linux kernel.

If running without a closed-source CPU like the Intel ME/PSP is your goal, then yes, the Reform would be good for that. It does have an onboard microcontroller (the LPC) which controls power of the system and bootup, but the source for that is all open at reform2-lpc-fw · master · Reform / reform · GitLab

The A72 will be on a replacement CPU module, and possibly won’t be the default option anyways on future Reforms. Due to chip shortages and all that, I wouldn’t hold out on waiting for that to become available; go with the A53-based one and then you can simply replace the CPU module (it’s in a DDR DIMM socket) at a later time when it’s finalized.

If Spectre attacks are a concern, the A53 is slightly better in that concern anyway, as it’s an in-order core, while the A72 is out of order.