[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Libreboot] Can libreboot help to escape the Intel AMT/ME nightmare?

From: Denis 'GNUtoo' Carikli
Subject: Re: [Libreboot] Can libreboot help to escape the Intel AMT/ME nightmare?
Date: Mon, 9 Feb 2015 13:41:36 +0100

On Thu, 5 Feb 2015 20:44:35 +0000 (UTC)
"L.R. d S." <address@hidden> wrote:

> >Why do you think buying a used device might 
> >make trust even less? Do you really trust the vendor/shipper?
> And why should we trust on Gluglug, for example? This is irrational, 
> since x60/T60 is out of production. Also, we shouldn't "trust" it, we
> should -know- this is working correctly.
It really depends on your threat model and so on. The ideal thing would
be not to have to trust Gluglug, because it's somehow a single point of
failure. Still we may able to verify the hardware and software.
* For coreboot, we can dump it, but I guess there is no reproducible
  build procedure in place. So it's wroth trying to see if that can be
* For the distro, the packages are signed by Trisquel, which itself
  isn't reproducible yet.
* For the hardware it could be inspected.
* For the code in the other chips(like ec, hdd controller inside the
  hdd and so on, I wonder how to check for that).

I also wonder about the best way to publish such test results.
Having such procedure in place would also directly benefit Gluglug,
since it would put less pressure on them to do things right.

That is to say, the coercion attempts probability are way higher when
there is no procedure in place to prevent them.

> >The MacBook Air comes with a keyboard/trackpoint controller that can 
> >easily transformed into a keylogger (as many other devices, too).
> Every supported libreboot laptop have this same problem, they all 
> have blobs on Embedded Controller.
Yes, indeed, that could be fixed if someone liberates that:
-> There is a toolchain and some example code for older Thinkpad EC on
   the Thinkpad wiki. Any recent gcc for the correct architecture
   should probably work. I've not looked enough at the code and so on
   to be able to understand how to flash the EC.
-> Google has a free software "OS" for the chromebooks EC, and this is
   supported inside the mainline Linux kernel.

> I think the correct point here is ask if libreboot supported laptops
> run microcode. Acording to GNUtool here [1] the x60 still running
> microcode even removing it on bios.
On coreboot, yes. Not on libreboot. That's also the point of libreboot.


Attachment: pgpBN4olgLzQM.pgp
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]