
Re: [Libreboot] Can libreboot help to escape the Intel AMT/ME nightmare?


From: Denis 'GNUtoo' Carikli
Subject: Re: [Libreboot] Can libreboot help to escape the Intel AMT/ME nightmare?
Date: Mon, 9 Feb 2015 13:41:36 +0100

On Thu, 5 Feb 2015 20:44:35 +0000 (UTC)
"L.R. d S." <address@hidden> wrote:

> >Why do you think buying a used device might 
> >make trust even less? Do you really trust the vendor/shipper?
> 
> And why should we trust Gluglug, for example? This is irrational,
> since x60/T60 is out of production. Also, we shouldn't "trust" it, we
> should -know- this is working correctly.
It really depends on your threat model and so on. The ideal thing would
be not to have to trust Gluglug, because it's somehow a single point of
failure. Still we may be able to verify the hardware and software.
* For coreboot, we can dump it, but I guess there is no reproducible
  build procedure in place. So it's worth trying to see if that can be
  done.
* For the distro, the packages are signed by Trisquel, which itself
  isn't reproducible yet.
* For the hardware it could be inspected.
* For the code in the other chips (like the EC, the HDD controller inside
  the HDD and so on), I wonder how to check for that.

I also wonder about the best way to publish such test results.
Having such procedure in place would also directly benefit Gluglug,
since it would put less pressure on them to do things right.

That is to say, the probability of coercion attempts is way higher when
there is no procedure in place to prevent them.

> >The MacBook Air comes with a keyboard/trackpoint controller that can 
> >easily transformed into a keylogger (as many other devices, too).
> 
> Every supported libreboot laptop has this same problem, they all
> have blobs on the Embedded Controller.
Yes, indeed, that could be fixed if someone liberates that:
-> There is a toolchain and some example code for older Thinkpad EC on
   the Thinkpad wiki. Any recent gcc for the correct architecture
   should probably work. I've not looked enough at the code and so on
   to be able to understand how to flash the EC.
-> Google has a free software "OS" for the chromebooks EC, and this is
   supported inside the mainline Linux kernel.

> I think the correct point here is to ask if libreboot supported laptops
> run microcode. According to GNUtoo here [1], the x60 is still running
> microcode even after removing it in the BIOS.
On coreboot, yes. Not on libreboot. That's also the point of libreboot.

Denis.

Attachment: pgpBN4olgLzQM.pgp
Description: OpenPGP digital signature

