Why is the latest Intel hardware unsupported in libreboot? (2017)
187 points by kostko 5 years ago | 124 comments
- callekabo 5 years ago: Scrolling up they recommend avoiding Purism hardware because
> In particular, the Intel Management Engine is a severe threat to privacy and security, not to mention freedom, since it is a remote backdoor that provides Intel remote access to a computer where it is present.
However, the Intel ME has been disabled in Purism hardware since 2017.
https://puri.sm/posts/purism-librem-laptops-completely-disab...
- Deukhoofd 5 years ago: Pretty sure that write-up was done around 2009
- 29083011397778 5 years ago: Just to clarify and save anyone else from the ambiguity - it looks like TFA should be tagged [2009], while the parent's link from Purism is more recent (2017).
- ekianjo 5 years ago
- callekabo 5 years ago: ...which was written in 2015, so also outdated.
- osy 5 years ago: Since Intel/AMD also design the processor, they can also put in backdoors beyond ME, microcode updates, etc. If you don’t trust proprietary blobs, I respect that. But you can’t trust proprietary silicon either.
- fsflover 5 years ago
- burnte 5 years ago: Defense in depth fails when the attacker has unrestricted access to the core of your defense infrastructure.
- ramshorns 5 years ago: Yeah, microcode updates are proprietary software too. The weird result is that if you want a system with no proprietary software, you end up having to use the original microcode which is burned onto the chip and counts as hardware.
It's not a perfect solution but maybe it's a reasonable place to draw the line, until we have open source hardware processors using RISC-V or something.
- fakename11 5 years ago: Then you have to accept all the bugs with the original...
- notwedtm 5 years ago: ...and that a backdoor wasn't written into the original microcode, or that a state-sponsored actor didn't intercept during shipping...
- Animats 5 years ago: By now, it's probably reasonable to assume that NSA, GCHQ, the FSB, the Third Department, and Mossad can all use that backdoor.
- AnthonyMouse 5 years ago: It's probably reasonable to assume that half the attendees at DEFCON can use that backdoor. There are several known vulnerabilities listed in the linked Wikipedia article which have to be patched with a firmware update that some OEMs didn't bother to provide and most users didn't bother to install.
- ta999999171 5 years ago: Is the Linux kernel one of them?
- thebruce87m 5 years ago: I wonder if they have to take turns on my PC. Maybe they kick each other off for a laugh.
- lexicality 5 years ago: mom says it's my turn on the RAT
- thulecitizen 5 years ago: Really? I am curious to know what observations or evidence you base your arguments/predictions on? Do you believe they have an (even better than 'post-Snowden leaks') search engine like PRISM, but for private networks all around the world?
Could a user tell it's happening? What signals would indicate this? Is it increased CPU usage disguised as a system process?
And are you talking about mainstream proprietary OS'es like MacOS and Windows? I already know a little about Intel ME and proprietary silicon, but I don't know where to find a proper analysis, or a blog or book that deep dives into the ramifications of the existence of these backdoors.
It seems to also not be in the mainstream consciousness just how serious it could be?
- mopsi 5 years ago:
> Could a user tell it's happening? What signals would indicate this? Is it increased CPU usage disguised as a system process?
Intel AMT allows redirecting graphics output and keyboard/mouse/USB input over a network connection. It's like a hardware device connected to the HDMI port to capture the screen and to the USB ports to send inputs, but it's built right into the motherboard. It doesn't spawn a process in the operating system or use resources to any meaningful degree. The OS knows about AMT only what the hardware tells it, if anything at all.
Unlike software-based remote desktop solutions (VNC, TeamViewer), it's independent from the operating system. As long as the system is connected to power, AMT can run. You can log into a fully shut down computer, power it on and see boot logos and access the BIOS before the OS even begins to load. You can use AMT to install an operating system on a PC with a completely empty hard drive by virtually attaching CD/DVD or USB install media.
It's an extremely powerful management interface, but it's closed-source and has a history of serious security flaws.
- pmlnr 5 years ago: Occasionally all these features would be quite useful if they were documented and accessible for mere mortals.
- Animats 5 years ago: It would be a really good idea to have something on your corporate network listening for management engine traffic.
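One way to act on the suggestion above, as an added example that is not from the thread or from any of the commenters: because AMT's network stack runs in the ME rather than in the host OS (mopsi's point), host-based monitoring will not see it, so the detection has to be done from a network sensor. The script below scans constructed flow records for connections to the well-known AMT service ports and flags any that do not come from an assumed management subnet (`ALLOWED_MGMT_NET` is a hypothetical value; the flow lines are constructed sample data, not real captures).

```python
import ipaddress
from collections import defaultdict

# Well-known port assignments for Intel AMT's out-of-band interfaces:
# 16992/16993 web UI and WS-Management over HTTP/HTTPS,
# 16994/16995 KVM/serial-over-LAN/IDE redirection (plain and TLS),
# 623/664 ASF/RMCP and secure RMCP (IPMI-style control).
AMT_PORTS = {
    16992: "amt-http",
    16993: "amt-https",
    16994: "amt-redir",
    16995: "amt-redir-tls",
    623: "rmcp",
    664: "rmcp-secure",
}

# Hypothetical: the only subnet from which out-of-band management should originate.
ALLOWED_MGMT_NET = ipaddress.ip_network("10.0.250.0/24")

# Constructed flow records: "ts src_ip:src_port -> dst_ip:dst_port proto bytes".
SAMPLE_FLOWS = """\
2021-03-01T09:00:01 10.0.250.5:51234 -> 10.0.12.40:16993 tcp 9120
2021-03-01T09:00:03 10.0.12.41:44110 -> 172.16.4.9:443 tcp 2210
2021-03-01T09:01:10 10.0.33.7:40122 -> 10.0.12.40:16994 tcp 184000
2021-03-01T09:02:44 203.0.113.20:55000 -> 10.0.12.77:16992 tcp 640
2021-03-01T09:03:00 10.0.12.40:16993 -> 10.0.250.5:51234 tcp 300
2021-03-01T09:04:00 10.0.12.50:33333 -> 10.0.12.40:623 udp 90
"""


def parse_flow(line: str) -> dict:
    """Split one constructed flow record into its fields."""
    ts, src, _arrow, dst, proto, nbytes = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": ts, "src_ip": src_ip, "src_port": int(src_port),
            "dst_ip": dst_ip, "dst_port": int(dst_port),
            "proto": proto, "bytes": int(nbytes)}


def find_amt_sessions(flow_text: str) -> list:
    """Return one finding per flow whose destination port is an AMT service.

    Only the client-to-AMT direction is matched, so the reply flow (source
    port 16993) in the sample is not double-counted."""
    findings = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        f = parse_flow(line)
        service = AMT_PORTS.get(f["dst_port"])
        if service is None:
            continue
        src = ipaddress.ip_address(f["src_ip"])
        findings.append({
            "ts": f["ts"],
            "target": f["dst_ip"],
            "service": service,
            "source": f["src_ip"],
            "authorized": src in ALLOWED_MGMT_NET,
            "bytes": f["bytes"],
        })
    return findings


def unauthorized_sessions(findings: list) -> list:
    """Findings whose source is outside the management subnet."""
    return [x for x in findings if not x["authorized"]]


def exposed_hosts(findings: list) -> dict:
    """Map each host that answered on an AMT port to the services seen."""
    hosts = defaultdict(set)
    for x in findings:
        hosts[x["target"]].add(x["service"])
    return dict(hosts)


if __name__ == "__main__":
    found = find_amt_sessions(SAMPLE_FLOWS)
    for x in unauthorized_sessions(found):
        print(f"{x['ts']} ALERT {x['source']} -> {x['target']} {x['service']} ({x['bytes']} bytes)")
    print("hosts with reachable AMT services:", exposed_hosts(found))
```

The inventory from `exposed_hosts` is as useful as the alerts: a workstation that answers on 16993 or 16994 has AMT provisioned whether or not anyone has used it yet, which is exactly the population that needs the firmware updates AnthonyMouse mentions.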
- thulecitizen 5 years ago: Thank you for answering my questions, really insightful!
- bipson 5 years ago: The mere fact that you would expect a system process or anything else visible to the operating system indicates that you haven't read much about Intel ME :/
- throwaway_pdp09 5 years ago: I agree with @thulecitizen here, in that his questions were not met constructively. You could have posted a few words and a link or 2 for a newbie.
- bergstromm466 5 years ago:
> indicates that you haven't read much about Intel ME :/
I wrote in my comment:
> I already know a little about Intel ME and proprietary silicon
So yes this is true, I know only 'a little'. I have only understood that it is a small proprietary OS running underneath the user's OS. I guess from your comment I learned now that this means it is something you can only get at with a diagnostic tool, and it is outside the control of the user's operating system.
Yes I do not have a CS degree, and I am not a classically trained SWE. Instead I am a self-taught web app developer, with mainly skills in web apps, and not much knowledge yet around OS'es and computing hardware. Yet I am curious to go deeper into Intel ME, since its existence and the consequences of that do affect me (since I have an Intel chip in my computer), hence my questions.
You write:
> The mere fact that
This sounds like you're not willing to step into a teaching role or share your insights. Do you think it is beneath you to answer questions? It sounds like you want to shame me for my technical incompetence in this area. Is this accurate? If yes, I would like to request that you please not reply to my posts, unless you answer my question authentically and with basic respect/kindness.
I wish HN was friendlier to beginners, or people willing to ask 'stupid' or 'naive' questions and who have a beginner's mindset.
- dschuetz 5 years ago: Libreboot is making a strong case for using open firmware in systems, yet it supports only a limited set of mostly outdated system boards. Isn't that a sign that it failed? After so many years?
Don't get me wrong, I definitely support the idea of open firmware and I would gladly adopt libreboot and replace any BIOS firmware on all of my systems. But, not a single system (Intel ME in all of them) is supported. I could donate some of my systems, and money, but how would that help? 20 years of efforts (including the efforts of coreboot) don't seem to have generated any adoption rate. Or is there some info I didn't get?
- stonogo 5 years ago: In order for libreboot or coreboot to support a system, that system must be almost entirely reverse engineered. As Intel shoved more and more functionality into ME, they also ramped up how aggressively they protected those parts of the system. There is significant crypto involved at this point, and Intel considers almost every component a trade secret to be fiercely protected. It's almost impossible to get access to this information, even under NDA, even as a hardware manufacturer (i.e. system OEMs).
It's not for lack of trying; the lack of adoption is because Intel is actively hostile to efforts like these and they hold all the cards.
- cmeacham98 5 years ago:
> Or is there some info I didn't get?
You did read the linked article about how the Intel ME essentially makes an open firmware impossible unless/until Intel decides to help us out, right?
- akiselev 5 years ago: Did ARM fail because there are still billions of 8052 around? Did 8052 fail because there are now billions of ARM devices?
- neilwilson 5 years ago: The problem is that the solution is political, not commercial. In terms of political process the "just leave it to us, we'll look after you" argument is winning.
- pmlnr 5 years ago: You didn't read the reasoning linked, did you?
- Silhouette 5 years ago: After all this time, I'm still trying to work out what is in it for Intel and AMD to force these technologies into their chips with no supported option to disable them and then to be so secretive about what they're doing and exactly who has access to what. I'm not generally one for crazy conspiracy theories, but I have to wonder what is going on behind closed doors that this is still being done by both of the two big PC CPU manufacturers despite all the negative press over the years and why national information security agencies haven't made more of a fuss about it.
- state_throw_2 5 years ago: It’s not a “crazy conspiracy theory” to suggest that intelligence agencies pressure private industry to help them out. Just look at PRISM or Crypto AG. If Intel or AMD tried to refuse they’d be blacklisted for government contracts like Qwest, or worse: think about the CIA spying on Congress scandal.
Maybe once the Chinese or some other adversary get caught using this backdoor to steal secrets, or decide to brick a few million systems remotely, just maybe then security will be considered over spyability.
- garaetjjte 5 years ago: Negative press is still likely too small to register on business radar. They might be heavily lobbied by movie industries, as they need these features for DRM.
- reanimus 5 years ago: AMD's in a similar boat, if you scroll a bit further down too :(
- winter_blue 5 years ago: Yea, that was disappointing indeed. After reading the first several paragraphs, I was hoping that the answer would be to get an AMD processor instead of Intel, but nope.
I hope that in the future some manufacturer(s) start making fully open source verifiably secure RISC-V (or ARM) processors, and that we have a migration over to that.
- erk__ 5 years ago: Another candidate for this is OpenPOWER
- moonchild 5 years ago: OpenPOWER/POWER9.
- numpad0 5 years ago: Feel free to call it a conspiracy theory, but I firmly believe the IME/PSP is an operation by one of those three letters.
Intel Management Engine is abbreviated as IME, and AMD Platform Security Processor is abbreviated as PSP. Those are the same abbreviations as Input Method Editor, a mandatory keyboard input layer for East Asian languages, and PlayStation Portable, Sony’s game console whose cryptographic security was famously hacked, by the way.
That can’t be coincidence. Those are names intentionally chosen to make technical information hard to search for.
So a “clean” CPU can only be built outside of the sphere of influence of whichever agency manages IME/PSP, and of course has to be free from its Red counterparts as well. I don’t think that will happen naturally.
- mqus 5 years ago: Ok, I'll bite. I call it (the chosen names) a conspiracy theory. I'll explain.
Search for "intel me" or "amd psp" or "ime psp" and you will find what you're looking for. If you're reading about it or hearing about it you will most likely also know the brand or the company behind it. If you're searching for psp and only find Sony stuff then of course you will repeat your query with more context. Is that not the first thing you will learn when you google something?
More importantly, they could have chosen much better words/abbreviations for not being "googleable". But they didn't because the IME/PSP is also something they sell to enterprise customers and very openly so.
Don't get me wrong. I'm still skeptical about whether those features are needed on consumer hardware and of the intentions behind them, but the name being intentionally hard to search for is not something I'm worried about.
- majewsky 5 years ago: Show me any three-letter acronym that doesn't have multiple meanings already attached to it.
- notwedtm 5 years ago:
> That can't be coincidence
Yes it can.
- fakename11 5 years ago: This is conspiracy theory level stuff
- pmlnr 5 years ago: Reading this always makes me sad. It's like computing got utterly corrupted post-2008 and there's yet to be a fix.
The tragedy of all this is that a 2008 laptop should be more than enough for today's needs if web development wasn't greedy and was resource aware.
- davidovitch 5 years ago: There are modern alternative systems with an open firmware stack, for example the Talos II running Power9. Granted, it is not available as a cheap, slick and slim power efficient laptop, but it is real, only twice as expensive and very capable. https://en.m.wikipedia.org/wiki/POWER9
See performance benchmarks in comparison with AMD/Intel at:
https://www.phoronix.com/scan.php?page=article&item=power9-t...
https://www.phoronix.com/scan.php?page=article&item=power9-t...
- smcl 5 years ago: There's also the Blackbird which is even more affordable - https://raptorcs.com/content/BK1B01/intro.html. It's still sadly more than I could justify spending - for my non-portable needs I use a ~5 year old Intel NUC which was cheap as chips and still going strong. But if that ever changes a Talos POWER-based system is at top of my list.
The Talos guys pop up in the comments on HN now and then and they're very pleasant.
- znpy 5 years ago:
> https://raptorcs.com/content/BK1B01/intro.html
That motherboard + cpu bundle costs $1732 (plus shipping, I guess).
I mean... Okay, it's super cool, but... I doubt that most people can afford that.
- cookiengineer 5 years ago:
> It's like computing got utterly corrupted post-2008 and there's yet to be a fix.
The ironic thing is that OP's posted article was news from 2009. Now, a decade later, we almost expect another total Intel CPU failure every year due to all the problems the architecture has had while still promising sandboxed security.
But, as with all self-claimed "secure systems": if there's no audit, it cannot be seen as insecure. Security through obscurity is pretty much the definition of how the hardware sector protects their IP these days.
And, of course, RISC-V will be the solution. But honestly, I stopped believing in it years ago. As long as there's no computer system available in the same price range as the market leaders (aka Intel and AMD), you can forget about it.
- jchw 5 years ago: I think the market for enthusiast machines shrinking might just help make the case for lower but still meaningful volume of RISC-V machines. That said, I do think it’s unclear how there would ever be a pathway for them to go from hobbyist machines to competing with AMD and Intel.
- yvdriess 5 years ago: RISC-V has found a niche in anything embedded that needs some decent performance, especially in storage and networking. With a little imagination you can see some products there merge with other functionalities and take over larger markets, e.g. a NAS product line incorporating smart home and smart speaker functionality, evolving into 'home box' systems.
- papermachete 5 years ago: System76 sells coreboot and ME-disabled computers at quite a mark-up. Yay free market.
- actionowl 5 years ago: coreboot utilizes binary blobs though
- ta999999171 5 years ago: What sites are you using that you can't force into mobile/low bandwidth mode? Most popular services have a way - and the ones that don't, third party apps/applications.
My 2012 T420's work just fine as daily drivers for anything work or personal.
- draw_down 5 years ago: Reading this and then getting mad at web developers is such a funny reaction.
- Lammy 5 years ago: Post-June-2007, but yeah I guess that would round up:
- rdslw 5 years ago: Can we please change the title: s/latest Intel/post-2008 Intel/
otherwise it's clickbaity.
- zwaps 5 years ago: This is really sad. I am sure hundreds of hours were spent on this project which now essentially does nothing.
Does this mean all free software advocates are stuck on archaic pre-2010 hardware?
- vbezhenar 5 years ago: Pre-2010 hardware is not archaic. I would argue that there was very little progress since 2010.
- zwaps 5 years ago: Really? Which laptops from 2010 have 13-15 hours of battery life?
Which consumer/workstation computers from 2010 feature 32-64 cores?
How much RAM could you put into such machines? etc.
- detaro 5 years ago: I wouldn't necessarily agree with "very little progress", but:
Thinkpad X220 is from 2011, but was far from alone in reaching such battery life (it's just the one I have first-hand experience with). Workstation laptops from the time (e.g. Thinkpad W510) can take 32 GB, just as most laptops today, and thus remained viable machines for a long time. Many-core systems are more possible today, but also far from the standard. 4-8 cores is still the default.
- ganzuul 5 years ago: I wonder if Right to Repair legislation would help us with this.
- majewsky 5 years ago: This has nothing to do with repair because the product is not broken by any meaningful definition of the word "broken". It's just ill-designed from a certain POV.
- ganzuul 5 years ago: In the context of the proposed laws, does it have to be already broken for it to be considered repairable?
Personally I'd rather not see the law as a bludgeon aimed at Intel's head but rather as a protocol or platform for communication about this issue. For example, if they released their overclockable CPUs with an individual encryption key for the ME, putting the end-users' interests first, I might be interested in being their customer once again. Right now I have a 2500k SandyBridge and no reason at all to upgrade, and certainly not with an Intel device.
- dependenttypes 5 years ago: It would be nice if all these Intel engineers that comment on all kinds of social and technological issues also commented on these topics regarding their company. Last time that I asked one of them if there is any plan to let us disable ME or make it foss I got no reply.
- _ofdw 5 years ago: Did I misunderstand or didn't someone find a way to neuter and/or disable Intel ME by setting the NSA High Assurance bit?
- ornornor 5 years ago: I think it only works for older versions of IME.
- karlding 5 years ago:
> One module is the operating system kernel, which is based on a proprietary real-time operating system (RTOS) kernel called “ThreadX”. The developer, Express Logic, sells licenses and source code for ThreadX. Customers such as Intel are forbidden from disclosing or sublicensing the ThreadX source code.
Now that Microsoft has acquired Express Project [0], I wonder if those terms will change, especially since they're trying to compete in IoT against Amazon (who acquired FreeRTOS). Of course, this is a relatively small issue compared to the rest highlighted in the post though.
[0] https://blogs.microsoft.com/blog/2019/04/18/microsoft-acquir...
- puzzledobserver 5 years ago: Asking someone who took their last (undergraduate) architecture course more than a decade ago: Is it possible to design a motherboard that will shield the user against Intel ME / AMD PSP-induced shadiness? Would it be possible to do this without performance impact?
- fsflover 5 years ago: Probably something like this should help: https://blog.invisiblethings.org/papers/2015/state_harmful.p...
- alpaca128 5 years ago: I heard someone from Purism talk about designing their own mainboard against ME, but it seems like they found a better and more complete solution by now which uses Coreboot:
- xyz-x 5 years ago: Are these side-channel based management technologies turned on even on MacBook laptops?
- mmphosis 5 years ago: That is a great question. I would assume that they are because the Intel management technology is currently built into ALL Intel chips for the past 10 years. It may be a good thing that Apple is looking at building their own ARM based Macs.
- aftbit 5 years ago:
> What can I use, then?
> Libreboot has support for fam15h AMD hardware (~2012 gen) and some older Intel platforms like Napa, Montevina, Eagle Lake, Lakeport (2004-2006). We also have support for some ARM chipsets (rk3288). On the Intel side, we’re also interested in some of the chipsets that use Atom CPUs (rebranded from older chipsets, mostly using ich7-based southbridges).
This is why I still run Intel hardware, even with the ME. A truly free computing platform seems to be incompatible with high performance modern chips at the moment.
- tomxor 5 years ago: Hypothetical: The keys are available one way or another, now anyone can sign firmware.
... Is this even worse?
Sure we can get our SPI programmers out and be sure what's on there, but what about the 99% of all other users who are now exposed not only to Intel's potential abuse of ME, but to that of all vendors and anyone who intercepts devices. I obviously don't like IME/PSP but perhaps the only safe option is to push for removal, not opening.
- vbezhenar 5 years ago: The best option is a UI for users to add their own keys.
- novok 5 years ago: So what are system76 & purism computers missing with their coreboot systems compared to the list of problems in this page?
- papermachete 5 years ago: Libreboot is blob-free.
- unixhero 5 years ago: This is why I have an Apple Powermac G5 or two stored in my basement. These run entirely free of that backdoor.
- rrdharan 5 years ago: How does it help that they're in your basement? Are you using them for anything? If not, when will you know to switch to them?
What's the threat model and what would be your signal to go start using them and abandoning your presumably more modern system, and how would you keep the software on them secure? Will you use Gentoo, given that Debian has dropped PPC?
- unixhero 5 years ago: Threat model? Uhm. I think you're asking me a bit too parameterized as I don't get your question. I will begin using them permanently if we get even more scandals. Also they are there as a fallback, but precisely for this purpose: to protect myself against backdoored CPU architectures.
Ubuntu 16.04 works perfectly. They are set up and ready to use.
I have Python 3.x and all other major packages ready for me to be productive with.
- wolf550e 5 years ago: Can you build a modern browser to run on PPC? Say, latest fully patched firefox? Because using the browser that comes with Ubuntu 16.04 is not an option, security wise.
- mmphosis 5 years ago: For Mac OS X 10.5.8 on PowerPC, there is even a specific G5 binary ...
http://www.floodgap.com/software/tenfourfox/
Otherwise for Linux on PowerPC, you can build a modern browser. There are also pre-built binaries:
https://forums.macrumors.com/threads/arctic-fox-web-browser-...
- rckoepke 5 years ago:
> Traffic is encrypted using SSL/TLS libraries, but recall that all of the major SSL/TLS implementations have had highly publicized vulnerabilities.
I'm not sure this is a valid criticism... wouldn't we be more worried if they were using anything else instead?
- moonchild 5 years ago: No SSL => MITMer can definitely read your traffic trivially.
Broken SSL => MITMer can possibly negotiate insecure and read your traffic anyway. MITMer can also possibly cause a denial-of-service, or get arbitrary code execution on that one chip that controls your entire CPU.
If I had to choose, I would take the first option.
(This precludes options like removing the IME entirely, or updating it to a version with non-broken SSL.)
- rckoepke 5 years ago: I'm coming from a place of good faith here so bear with me. My understanding is that any vulnerability here would also exist in accessing any HTTPS website. I'm assuming you wouldn't choose to browse the web without SSL/TLS, so I'm assuming the difference here is that it's the CPU management chip instead of your browser?
I suppose that if you broke SSL/TLS you could commandeer arbitrary AWS/GCP/Azure instances.
For that matter, do you trust SSL/TLS significantly less than SSH?
I guess I'm still having trouble wrapping my head around the idea of not using SSL/TLS.
- wizzwizz4 5 years ago: My browser is sandboxed. The worst it can do is ransomware my files – and the Tor Browser can't even do that thanks to the AppArmor rules. (If I set my machine up properly, it wouldn't even be able to ransomware my files.)
The CPU management chip can ransomware my files while the computer is "off", corrupt my backups as I load them, steal my passwords, steal my bank details, dynamically modify the traffic to make it look like my bank balance hasn't gone down…
- progval 5 years ago: Nitpick: Remote code execution is breaking a TLS implementation (e.g. OpenSSL), not breaking TLS itself.
> so I'm assuming the difference here is that it's the CPU management chip instead of your browser?
Yes.
If a vulnerability is found in an SSL/TLS implementation, it can be fixed with a software update.
I don't know how Intel ME works, but I'm guessing it is harder to update than a browser.
> For that matter, do you trust SSL/TLS significantly less than SSH?
I'm not the GP, but I'm guessing they do. TLS solves a more complex problem than SSH, as SSH assumes the user validates a server's public key manually (even though they usually don't, but TOFU [1] makes it somewhat harder to exploit), whereas a TLS server's key can change at any time.
- moonchild 5 years ago: There is no specific TLS flaw. The TLS spec is very complicated, so it's difficult to make a library that implements it without bugs. Insofar as TLS implementations have bugs, the TLS implementation in my browser can be updated to fix those bugs. The TLS implementation in my IME cannot.
- AnthonyMouse 5 years ago: Not if the "anything else" was for this part of the system to not exist and/or not have any network access.
- ajxs 5 years ago: I'll preface this question with the disclaimer that I'm a true believer in the mission of Coreboot/Libreboot. Playing devil's advocate, if Intel were to release the signing key for the ME, or Intel Boot Guard, wouldn't this increase the likelihood of a malicious vendor preinstalling a rootkit in hardware that uses Intel CPUs?
To answer in advance regarding the likelihood of this happening: there have already been enough instances of various hardware vendors using very nefarious means to extend the capabilities of their devices and peripheral device drivers. Also, what reason do we have to assume that Google's own interest in this area is any more trustworthy? I suppose it's a moot point for many whether or not google can get rootkit level access to people's devices when so many people are using Android.
Of course, I consider the presence of the ME to inherently constitute a rootkit for alphabet-soup US government agencies and the Mossad already.
- jchw 5 years ago: Any big corporation with security competence is going to seriously care about the security of their corporate and production fleet; the stakes for securing systems only ever increase over time, and threats are only getting more sophisticated. So you don’t necessarily need to believe in the altruism of a corporation to see why their interest in secure computing at lower levels of the stack may actually line up with users’ interests more or less.
But honestly, the best argument here is don’t trust anyone; in theory anyone can inspect the source code and binaries for Corebooted devices. It’s not perfect and there are obviously cases where you can never be 100% sure there are no tricks, but IMO it’s still a lot better than the alternative of having roughly the same drawbacks but no visibility.
I’m not sure where this fits in in the grand scheme of things though, because in all honesty trust in computing seems like it’s an unending rabbit hole ripe for abuse. Intel ME may even have been born with genuinely good intentions, but I do think its secretive, black-box nature is the absolute worst part of it all.
(Obligatory disclaimer, I work for Google, all of these opinions are just my personal opinions.)
- ajxs 5 years ago:
> ...you don’t necessarily need to believe in the altruism of a corporation to see why their interest in secure computing at lower levels of the stack may actually line up with user’s interests more or less.
Of course. We're not talking about just any corporation here though, not even just any hardware manufacturer. You're right that security is in everyone's interests. My mentioning Google is referencing a company whose business consists of collecting and marketing information on their users. I think this changes the risk profile somewhat.
> ...In theory anyone can inspect the source code and binaries for Corebooted devices...
Pardon me if there's a big hole in my understanding of firmware RE. In reference to the Coreboot'ed Chromebooks, it sounds like this should read "anyone can inspect the source code and binaries of Coreboot". We still have to take at face value what firmware is actually installed on a device. I don't mean to sound nitpicky or mean, I just think that Google's motivations warrant extra scrutiny. I agree with your sentiments overall.
> ...Intel ME may even have been born with genuinely good intentions...
This might be the case, but the way Intel has treated the topic could not possibly foster any kind of trust with its user-base. Also, these features offer extremely little to the average user. I'd like to be corrected on this if I'm wrong, but what does Intel ME actually do for a user like myself? Surely it would lower costs in a non-trivial way to just remove it for non-corporate customers if the intentions were even the least bit genuine.
- ganzuul 5 years ago: Is Google at risk because of this? I have consolidated all my private stuff to only Google instead of spreading it all over FB, MS, Apple, and other vendors.
- jchw 5 years ago: At risk because of Intel ME/integrity based attacks? I simply don’t know. I assume the risk is managed some way or another, probably a lot with network security. I personally was more bothered by CPU vulnerabilities, and there’s also the looming threat of DRAM vulnerabilities, but for now it seems like almost anything can be effectively mitigated at some cost.
- iforgotpassword 5 years ago:
> There's already been enough instances of various hardware vendors using very nefarious means to extend the capabilities of their devices and peripheral device drivers.
Sadly enough I think this is a good point. You could say it's the same as saying closed source software and operating systems would be better for that reason, which I wouldn't agree with at all, but this would feel somewhat different.
You would have to force GPL-like sharing of modified firmware, but it seems much more involved to verify this on a vendor to vendor basis than say, finding that Lenovo ships some nefarious Windows software preinstalled. As an enthusiast you can just reflash after purchase to be sure, but the average consumer might suffer.
It sucks but the only real solution I see is to just remove these things altogether again.
- bubblethink 5 years ago:
> wouldn't this increase the likelihood of a malicious vendor preinstalling a rootkit ?
Vendors already fuse their keys using Boot Guard. So if they want to install rootkits, they can do that now. Lenovo already did that with Superfish. Boot Guard doesn't make any assurances about the quality of the BIOS. It just says to the consumer that this machine's BIOS came from the vendor. Sort of like the HTTPS padlock.
I think what you mean to ask is how we could ensure the integrity of the boot flow up to the OS without Boot Guard. It can be done higher up in the stack. Chromebooks do it pretty well. There are other projects like Heads that do it as well. Your chain of trust needs to extend into the OS for it to be meaningful.
- ajxs 5 years ago: The points you make in your post are very valid. My post was made in the context of the Intel ME's wide range of invasive capabilities. If your purpose was to perform surveillance on your customers, the ME would grant you even more reach than BIOS firmware would. You've already addressed the fact that users need to trust the quality of their firmware at face value. This is hard enough already, let alone with hardware vendors being able to access the ME.
Just to clarify ( as if I haven't clarified this enough ), I'm in favor of Intel releasing the keys.
- Iolaum 5 years ago: The ask is not to allow users to install firmware with the vendor's key but with their own key.
- ajxs 5 years ago: Sure. This would seem to imply hardware vendors having prior access to the ME. The vast majority of users don't flash their BIOS with custom firmware, simply using whatever firmware the vendors give them. Users having the ability to install their own firmware would mitigate this risk, at the expense of a riskier overall ecosystem.
- imissmymind 5 years ago: What about SBCs? AFAIK, they wouldn't be subject to any of this, and since Intel and AMD are doomed, wouldn't something like a Pinebook Pro or RPi make for a secure, yet affordable, solution?
- notwedtm 5 years ago: Perhaps I need more coffee, but I can't tell if there is sarcasm in this or not.
- imissmymind 5 years ago: Wasn't being sarcastic. Assuming your workload can support the hardware, why isn't this a viable alternative? I could do ~99% of my job with one. People below are asking about affordable ways around this and it made me think of this.
- tutfbhuf 5 years ago: What is the most modern laptop that I can use with libreboot, as of today?
- crashbunny 5 years ago: Stupid question I'm mildly wondering about:
> Another module is the Dynamic Application Loader (DAL), which consists of a Java virtual machine
What does that mean in regards to using Intel hardware and Oracle's Java license mentioning nuclear weapons?
I thought it mentioned nuclear facilities but it looks like it changed at some stage.
- tinus_hn 5 years ago: Realistically, if some party made use of these backdoors regularly, someone would probably have noticed the traffic already.
- speedgoose 5 years ago: You have smartphones uploading location data and browser history every day for years and it almost goes unnoticed.
- tinus_hn 5 years ago: That's not a secret, it's pretty well known. It only takes one person to notice.
- ReptileMan 5 years ago: How can this go unnoticed when it is common knowledge? There is a difference between don't know and don't care. So far the people that care are a tiny vocal minority. Unfortunately.
- moonchild 5 years ago: So they're (probably) not used 'regularly'. That's mildly reassuring. But I have no doubt they're using it as often as they can get away with, which is more than never.
- Neil44 5 years ago: I was thinking that, but if I was being smart about it I'd loop the traffic back through localhost and out of an innocent SSL connection.
- ajxs 5 years ago: If you have firmware-level access to a device like a NIC, you could theoretically circumvent the NIC reporting any network activity at all from your actions. This wouldn't cover external network monitoring of course, but how often do you scour the packet logs of your router's I/O?
- tinus_hn 5 years ago: For it to remain a secret it has to be noticed by nobody. I do not regularly scour packet logs, but you can be sure people exist who do.