> In particular, the Intel Management Engine is a severe threat to privacy and security, not to mention freedom, since it is a remote backdoor that provides Intel remote access to a computer where it is present.
However, the Intel ME has been disabled in Purism hardware since 2017.
https://puri.sm/posts/purism-librem-laptops-completely-disab...
It's not a perfect solution but maybe it's a reasonable place to draw the line, until we have open source hardware processors using RISC-V or something.
Could a user tell it's happening? What signals would indicate this? Is it increased CPU usage disguised as a system process?
And are you talking about mainstream proprietary OSes like MacOS and Windows? I already know a little about Intel ME and proprietary silicon, but I don't know where to find a proper analysis, or a blog or book that deep dives into the ramifications of the existence of these backdoors.
It seems to also not be in the mainstream consciousness just how serious it could be?
Intel AMT allows redirecting graphics output and keyboard/mouse/USB input over a network connection. It's like a hardware device connected to the HDMI port to capture the screen and to the USB ports to send inputs, but it's built right into the motherboard. It doesn't spawn a process in the operating system or use resources to any meaningful degree. The OS knows about AMT only what the hardware tells it, if anything at all.
Unlike software-based remote desktop solutions (VNC, TeamViewer), it's independent from the operating system. As long as the system is connected to power, AMT can run. You can log into a fully shut down computer, power it on and see boot logos and access the BIOS before the OS even begins to load. You can use AMT to install an operating system on a PC with a completely empty hard drive by virtually attaching CD/DVD or USB install media.
It's an extremely powerful management interface, but it's closed-source and has a history of serious security flaws.
Don't get me wrong, I definitely support the idea of open firmware and I would gladly adopt libreboot and replace any BIOS firmware on all of my systems. But, not a single system (Intel ME in all of them) is supported. I could donate some of my systems, and money, but how would that help? 20 years of efforts (including the efforts of coreboot) don't seem to have generated any adoption rate. Or is there some info I didn't get?
It's not for lack of trying; the lack of adoption is because Intel is actively hostile to efforts like these and they hold all the cards.
You did read the linked article about how the Intel ME essentially makes an open firmware impossible unless/until Intel decides to help us out, right?
Maybe once the Chinese or some other adversary get caught using this backdoor to steal secrets, or decide to brick a few million systems remotely, just maybe then security will be considered over spyability.
I hope that in the future some manufacturer(s) start making fully open source verifiably secure RISC-V (or ARM) processors, and that we have a migration over to that.
Intel Management Engine is abbreviated as IME, and AMD Platform Security Processor is abbreviated as PSP. Each of those is the same abbreviation as Input Method Editor, a mandatory keyboard input layer for East Asian languages, and PlayStation Portable, Sony's game console whose cryptographic security was famously hacked, by the way.
That can’t be coincidence. Those are names intentionally chosen to make technical information hard to search for.
So a “clean” CPU can only be built outside of the sphere of influence of whichever agency manages IME/PSP, and of course has to be free from its Red counterparts as well. I don't think that will happen naturally.
The tragedy of all this is that a 2008 laptop should be more than enough for today's needs if web development wasn't greedy and was resource aware.
See performance benchmarks in comparison with AMD/Intel at: https://www.phoronix.com/scan.php?page=article&item=power9-t... https://www.phoronix.com/scan.php?page=article&item=power9-t...
The Talos guys pop up in the comments on HN now and then and they're very pleasant.
The ironic thing is that OP's posted article was news from 2009. Now, a decade later, we almost expect another total Intel CPU failure every year due to all the problems the architecture had while still promising sandboxed security.
But, as with all self-claimed "secure systems": if there's no audit, it cannot be seen as insecure. Security through obscurity is pretty much the definition of how the hardware sector protects their IP these days.
And, of course, RISC V will be the solution. But honestly, I stopped believing in it years ago. As long as there's no computer system available in the same price range as the market leaders (aka Intel and AMD), you can forget about it.
otherwise is clickbaity.
Does this mean all free software advocates are stuck on archaic pre-2010 hardware?
Which consumer/workstation computer from 2010 features 32-64 cores?
How much RAM could you put into such machines? etc.
Personally I'd rather not see the law as a bludgeon aimed at Intel's head but rather as a protocol or platform for communication about this issue. For example, if they released their overclockable CPUs with an individual encryption key for the ME, putting the end-users' interests first, I might be interested in being their customer once again. Right now I have a 2500k SandyBridge and no reason at all to upgrade, and certainly not with an Intel device.
Now that Microsoft has acquired Express Project [0], I wonder if those terms will change, especially since they're trying to compete in IoT against Amazon (who acquired FreeRTOS). Of course, this is a relatively small issue compared to the rest highlighted in the post though.
[0] https://blogs.microsoft.com/blog/2019/04/18/microsoft-acquir...
> Libreboot has support for fam15h AMD hardware (~2012 gen) and some older Intel platforms like Napa, Montevina, Eagle Lake, Lakeport (2004-2006). We also have support for some ARM chipsets (rk3288). On the Intel side, we’re also interested in some of the chipsets that use Atom CPUs (rebranded from older chipsets, mostly using ich7-based southbridges).
This is why I still run Intel hardware, even with the ME. A truly free computing platform seems to be incompatible with high performance modern chips at the moment.
... Is this even worse?
Sure we can get our SPI programmers out and be sure what's on there, but what about the 99% of all other users who are now exposed not only to Intel's potential abuse of the ME, but to all vendors and anyone who intercepts devices. I obviously don't like IME/PSP but perhaps the only safe option is to push for removal, not opening.
What's the threat model and what would be your signal to go start using them and abandoning your presumably more modern system, and how would you keep the software on them secure? Will you use Gentoo, given that Debian has dropped PPC?
Ubuntu 16.04 works perfectly. They are set up and ready to use.
I have Python 3.x and all other major packages ready for me to be productive with.
http://www.floodgap.com/software/tenfourfox/
Otherwise for Linux on PowerPC, you can build a modern browser. There are also pre-built binaries:
https://forums.macrumors.com/threads/arctic-fox-web-browser-...
I'm not sure this is a valid criticism...wouldn't we be more worried if they were using anything else instead?
Broken SSL => MITMer can possibly negotiate insecure and read your traffic anyway. MITMer can also possibly cause a denial-of-service, or get arbitrary code execution on that one chip that controls your entire CPU.
If I had to choose, I would take the first option.
(This precludes options like removing the IME entirely, or updating it to a version with non-broken SSL.)
I suppose that if you broke SSL/TLS you could commandeer arbitrary AWS/GCP/Azure instances.
For that matter, do you trust SSL/TLS significantly less than SSH?
I guess I'm still having trouble wrapping my head around the idea of not using SSL/TLS.
To answer in advance regarding the likelihood of this happening. There's already been enough instances of various hardware vendors using very nefarious means to extend the capabilities of their devices and peripheral device drivers. Also, what reason do we have to assume that Google's own interest in this area is any more trustworthy? I suppose it's a moot point for many whether or not google can get rootkit level access to people's devices when so many people are using Android.
Of course, I consider the presence of the ME to inherently constitute a rootkit for alphabet-soup US government agencies and the Mossad already.
But honestly, the best argument here is don’t trust anyone; In theory anyone can inspect the source code and binaries for Corebooted devices. It’s not perfect and there’s obviously cases where you can never be 100% sure there’s no tricks, but IMO it’s still a lot better than the alternative of having roughly the same drawbacks but no visibility.
I’m not sure where this fits in in the grand scheme of things though, because in all honesty trust in computing seems like it’s an unending rabbit hole ripe for abuse. Intel ME may even have been born with genuinely good intentions, but I do think its secretive, blackbox nature is the absolute worst part of it all.
(Obligatory disclaimer, I work for Google, all of these opinions are just my personal opinions.)
Of course. We're not talking about just any corporation here though, not even just any hardware manufacturer. You're right that security is in everyone's interests. My mentioning Google is referencing a company whose business consists of collecting and marketing information on their users. I think this changes the risk profile somewhat.
> ...In theory anyone can inspect the source code and binaries for Corebooted devices...
Pardon me if there's a big hole in my understanding of firmware RE, but in reference to the Coreboot'ed Chromebooks, it sounds like this should read "anyone can inspect the source code and binaries of Coreboot". We still have to take at face value what firmware is actually installed on a device. I don't mean to sound nitpicky or mean, I just think that Google's motivations warrant extra scrutiny. I agree with your sentiments overall.
> ...Intel ME may even have been born with genuinely good intentions...
This might be the case, but the way Intel has treated the topic could not possibly foster any kind of trust with its user-base. Also, these features offer extremely little to the average user. I'd like to be corrected on this if I'm wrong, what does Intel ME actually do for a user like myself? Surely it would lower costs in a non-trivial way to just remove it for non-corporate customers if the intentions were even the least bit genuine.
Sadly enough I think this is a good point. You could say it's the same as saying closed source software and operating systems would be better for that reason, which I wouldn't agree with at all, but this would feel somewhat different.
You would have to force GPL like sharing of modified firmware, but it seems much more involved to verify this on a vendor to vendor basis than say, finding that Lenovo ships some nefarious Windows software preinstalled. As an enthusiast you can just reflash after purchase to be sure, but the average consumer might suffer.
It sucks but the only real solution I see is to just remove these things altogether again.
Vendors already fuse their keys using Bootguard. So if they want to install rootkits, they can do that now. Lenovo already did that with Superfish. Bootguard doesn't make any assurances about the quality of the BIOS. It just says to the consumer that this machine's BIOS came from the vendor. Sort of like the https padlock.
I think what you mean to ask is how we could ensure the integrity of the boot flow up to the OS without bootguard. It can be done higher up in the stack. Chromebooks do it pretty well. There are other projects like heads that do it as well. Your chain of trust needs to extend into the OS for it to be meaningful.
Just to clarify (as if I haven't clarified this enough), I'm in favor of Intel releasing the keys.
> Another module is the Dynamic Application Loader (DAL), which consists of a Java virtual machine
What does that mean in regards to using intel hardware and oracle's java license mentioning nuclear weapons?
I thought it mentioned nuclear facilities but it looks like it changed at some stage.