libreboot
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Libreboot] Can libreboot help to escape the Intel AMT/ME nightmare?


From: Marcus Moeller
Subject: Re: [Libreboot] Can libreboot help to escape the Intel AMT/ME nightmare?
Date: Thu, 05 Feb 2015 12:32:39 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0

Dear Alexander.

This is a question to help me understand what libreboot can do and what not.
First off I want to thank all the contributers and developers for their
time and effort
and make clear that when I ask about "the limitations of
libreboot/coreboot" I am
well aware that they are reflect the obstacles put in the way of the
developers
which do anyway the very very best. Thank you.

I would not declare AMT bad/biased in general. What we would need is a transparent free implementation of the protcol and options to switch it off, if unneeded.

I already tried to get in contact with Ylian, who is a Free Software developer at Intel and who did most of the AMT/ME code, but he did not reply yet.

 > I am a victim of Intel AMT. I use a Thinkpad x201 (which is a vPro iCore
system)
and by this may very well assume to be hacked by the NSA which can via Intel
use the ARC chip in the vPro Intel AMT. This is very sad, moreso that I
have just
recently become aware of this threat.

My question henceforth is that if I made the purchase of a Thinkpad X200
(which
for some bad luck can only be bought second hand, and makes trust even less
as the previous owner can have tampared with the system), can I "clean the
system of some of its evil spying and manipulation and criminalization
technology?"

I don't get your point here. Why do you think buying a used device might make trust even less? Do you really trust the vendor/shipper?

Besides that, with flashing Libreboot, you will overwrite any existing code in the BIOS, so at least this should be Free. That does not mean, backdoors could not be included in silicon or any other part of the hardware (e.g. this one: http://www.golem.de/1405/sp_106690-79290-i_rc.jpg on a MacBook Air).

In the end, we would need Free Hardware Specifications (including chipset/processor), but this is still a long way to go.

Is there an indication that a flashing the bios with libreboot will
allow to disable
Intel AMT?
If this was so, is there any technical mean (i.e. a multimeter or other
technical device,
which would allow me to confirm this with some reliability).

As said, Libreboot does not ship AMT at all atm.

For good or for bad there is some paranoia. Is there any way to gain
some trust
to other users? I think no other technical mean would allow to get
trust, than to
bunch up with other users to get to know each other personnaly well
enough and
to henceforth trustfully devide the work of auditing.

Yes, a standardised auditing process could be possible/established. As far as I know, there is no plan to do so, yet.

Greetings
Marcus

PS: There is something broken with your line-breaks

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]