Linux PC build (2025)
Hello,
it’s me again. Some of you might remember me from this post, in which I was asking for feedback to build a Linux PC in 2025.
Stuff happened and I didn’t went through with it. So this still my first attempt at a build. Well now I’ve got time and want to try it again.
As you may notice, I’ve ditched the Z790-9 mother board in favor of a MSI PRO B650M-P. My dream of building a coreboot-system is officially dead, thus I decided to build an AMD-System.
Short Listing:
- CPU: AMD Ryzen 7 7700X 4.5 GHz 8-Core
- CPU-Cooler: Thermalright Assassin X 120 Refined SE 66.17 CFM CPU Cooler
- Mother board: MSI PRO B650M-P Micro ATX AM5 Motherboard
- Memory: Patriot Viper Venom 32 GB (2 x 16 GB) DDR5-6000 CL30 Memory
- Storage: Acer Predator GM7000 2 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
- GPU: Sapphire 21323-01-20G Radeon RX 7900 XT 20 GB Video Card
- Case: Zalman P10 MicroATX Mini Tower Case
- PSU: Thermaltake Toughpower GF1 (2024) 850 W 80+ Gold Certified Fully Modular ATX Power Supply
- Monitor: KOORUI 24E3 24.0" 1920 x 1080 165 Hz Monitor
If you notice anything wrong or have suggestions/improvements don’t hesitate to point them out.
Thanks in advance!!!
Specifications:
-
CPU: AMD Ryzen 7 7700X 4.5 GHz 8-Core Processor
- Boost Clock: 5.4 GHz
- TDP: 105 W
- L2 Chache: 8 MB
- L3 Chache: 32 MB
- Socket: AM5
- iGPU: Radeon
- Max. Memory: 128 GB
- Arch.: Zen 4
-
CPU-Cooler: Thermalright Assassin X 120 Refined SE 66.17 CFM CPU Cooler
- RPM: 1550
- Noise: 25.6 dB
- Height: 148 mm
- CPU-Socket: AM5 and others
-
Mother board: MSI PRO B650M-P Micro ATX AM5 Motherboard
- Chipset: AMD B650
- Memory:
- Type: DDR5
- Slots: 4
- Speed: DDR5-6000
- Max.: 128 GB
- PCIe x16 Slots: 1
- PCIe x1 Slots: 2
- M.2 Slots: 2x 2260/2280 M-key
- SATA 6.0 Gb/s Ports: 4
- Onboard Ethernet: 2.5 Gb/s Port (Realtek RTL8125BG)
- USB 2.0 Headers: 2
- USB 3.2 Gen 1 Headers: 1
- USB 3.2 Gen 2 Headers: 1
-
Memory: Patriot Viper Venom 32 GB (2 x 16 GB) DDR5-6000 CL30 Memory
- First Word Latency: 10 ns
- CAS Latency: 30
- Voltage: 1.35 V
- Timing: 30-40-40-76
-
Storage: Acer Predator GM7000 2 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
- Cache: 2048 MB
-
GPU: Sapphire 21323-01-20G Radeon RX 7900 XT 20 GB Video Card
- Memory: 20 GB
- Memory Type: GDDR6
- Core Clock: 2000 MHz
- Boost Clock: 2400 MHz
- Interface: PCIe x16
- Length: 276 mm
- TDP: 308 W
- Cooling: 3 Fans
- External Power: 2 x PCIe 8-pin
- DisplayPort: 2.1 Outputs 2
-
PSU: Thermaltake Toughpower GF1 (2024) 850 W 80+ Gold Certified Fully Modular ATX Power Supply
- Length: 140 mm
- Wattage: 850 W
- EPS 8-pin Connectors: 2
- PCIe 6+2-pin Connectors: 6
- SATA Connectors: 8
- AMP/Molex 4-pin Connectors: 4
-
Monitor: KOORUI 24E3 24.0" 1920 x 1080 165 Hz Monitor
- Size: 24"
- Resolution: 1920 x 1080
- Refresh Rate: 165 Hz
- Response Time: 1 ms
- Inputs:
- 1x HDMI 1.4
- 1x DisplayPort 1.2
I am curious why coreboot is important?
Because it lets us disable Intel ME
@marauding_gibberish142 I personally find the Intel ME a useful feature, it’s nice for example to be able to upgrade BIOS without a CPU and/or memory, this has allowed me for example to upgrade the BIOS to a version needed for a newer CPU on a board with a BIOS that didn’t initially support it without needing the older CPU to perform the upgrade. And from a security standpoint, if you do not enable and configure the network stack, and you don’t have a DHCP server available to it for it do so on it’s own, I really don’t see what it can do that is harmful.
How do you not configure the network stack? If you have an Intel NIC on the motherboard/any PCIE lanes in theory it should be able to connect.
What worries me is that someone could perform a reverse shell on my system with/in addition to a magic packet and get full ring 0 access to my system. I’m investigating network monitoring tools that can help me find traces of ME on my network.
Because coreboot is the only way for us to be in full control of the hardware. Any other way there is microcode which is closed source and we have no idea what it is doing. It has full control to everything.
@jeena I grant you that is true, but under Linux, the kernel talks to the hardware directly after boot, not through BIOS calls. About the only time you would talk to the BIOS after boot is for sleep/suspend, or in rare cases such as the server my friendica instance runs on, for temp/CPU speed control because Linux kernel has issues properly using the MSR on the i9-10980xe, oddly it does not seem to have the same issue on the i9-10900x which is a ten core CPU in the same family, so I am forced to depend upon ACPI since talking to the hardware directly in this specific case is problematic. If you were running Windows or if you had weird hardware that is somewhat broken under Linux like mine, I can see the need, or if a laptop and you wanted sleep/suspend functionality. But for what you describe it isn’t clear the benefits. And there are some risks like it probably isn’t going to do the extensive memory training of a more advanced UEFI bios like American Megatrends, so your memory access may not be as efficient as it could be, and you’re more limited in hardware selection.
There’s still microcode and other firmware blobs. Coreboot is just BIOS.