[coreboot] T450S + Coreboot

Brian Herman bherman.aconspart at gmail.com
Thu Aug 30 08:15:43 CEST 2018


Sorry, I'm going to read the documentation more and make this a personal
goal by the end of 2019. I didn't want to stir up so much drama. Time and
money are not constraints on this particular problem. One way or another by
January 22, 2019 I will have either figured it out or I will pay to figure
it out. I have used Linux since college. I have no kids. I have no
girlfriend. I have tons of free time.

Make It So,
Brian Herman


So you have made it to the end......
Thanks for reading!

On Wed, Aug 29, 2018 at 4:42 PM Youness Alaoui <kakaroto at kakaroto.homelinux.net> wrote:

>  Wow, Mike, seriously, I am going to side 100% with Nico, you are
> spreading FUD, making your own personal opinions (which are themselves
> derived from other people's FUD) and stating them as the universal
> law.
> The ME is not known to be a backdoor. It doesn't mean that it's not a
> backdoor, it simply means that it's not known to be a backdoor. The
> fact that it's closed source and not user-controlled (Even if you had
> the sources, you can't modify them and update it to your custom ME
> version) is where the problem actually is. There *might* be a backdoor
> hidden somewhere in there, or maybe there isn't, nobody knows, but
> there has been a lot of research done on the ME and so far, none have
> been found as far as I know.
>
> Your worry about what the ME does, how it can give someone control
> over the PC, etc. are NOT what qualifies it as a "backdoor", but like
> Nico said, it's a frontdoor, it's not a "hidden access", it's a
> "promoted access" to the PC, it's the main ME functionality which is
> well documented. You don't have to use some "only known to some secret
> person" trick to access the ME, you just need to point your web
> browser to the right port on localhost.
> Your comparison of saying the ME is a backdoor is like saying that a
> webcam is a spying device because it can capture images of you! Yeah,
> sure, that's technically true, it can capture images of you, but only
> after you plug it in and open an image capture software, and you still
> have control of those images. The fact that the webcam schematics
> aren't open means that it could still have a small wifi or GSM chip
> embedded inside which makes it send the images to the CIA, but it's
> not a guarantee that it does. So, yes, you can complain that the
> webcam isn't open hardware so you can't technically trust what it
> does, but you can't just come out and say with absolute certainty that
> any and all webcams in the world are spying devices for the CIA,
> that's just ridiculous.
>
> So, back to the ME, we know exactly what it does, it's all extremely
> well documented and explained, the fact that it allows remote control
> of the PC is actually the reason for its existence and it's a very
> very valid reason in the corporate context and the fact that those
> features also 'coincidentally' resemble the features of an actual
> 'trojan horse' virus, doesn't mean that the ME itself is a virus;
> otherwise the 'rm' linux command would be considered a virus since it
> deletes files and there are some viruses that can delete your files as
> well.
> Now the problem is that it's closed source, and not user controlled
> (remote control features *are* user controlled, I'm talking about
> being able to replace the firmware with your own), so yes, it can't be
> audited by the larger open source community, but that also doesn't
> guarantee any security necessarily (how many open source programs
> still have security bugs?).
>
> Either way, you yourself said earlier, when talking about the AtomBIOS
> that "it could be disassembled quite well with AtomDis -
> https://github.com/mikebdp2/AtomDis - reducing any security concerns
> regarding this blob to a minimum.", well, the ME can be disassembled
> with any x86 disassembler, so why can't you also say that "reduces any
> security concerns regarding the ME to a minimum".
>
> We're about to get full control back of the ME. I've been working for
> the past few weeks on reproducing the PTResearch buffer overflow
> exploit on the ME, and yesterday they released a PoC for Apollo Lake
> (in case you missed it : https://github.com/ptresearch/IntelTXE-PoC),
> so with the progress I made and with that, I should be able to soon
> port it to Skylake (and write docs on how to port to other platforms
> as well) which will at least give us the ability to gain back the
> 'user-controlled' aspect of it as we'd have code execution on it.
> Which by the way, also means that BootGuard can be disabled (since the
> ME is the one checking for the boot guard signatures), which should
> enable the ability to port coreboot to a lot more machines (including
> the T450S that this thread is supposed to be about). Hopefully....
>
> On Wed, Aug 29, 2018 at 5:50 AM Mike Banon <mikebdp2 at gmail.com> wrote:
> >
> > > What suspicious activities? I know, for many people the Intel ME
> > > firmware
> > > contains unwanted features. But these features are documented.
> > > In your world, a device becomes backdoored because somebody
> > > didn't read the manual?!?
> >
> > Somewhere I've seen a report about Intel ME suspicious network
> > activities (if I remember correctly they were using Wireshark on a PC
> > placed between a computer with ME and the outside network) which has
> > affected my personal opinion. Although it could be argued that its
> > just some OEM has set up their ME in such a way, maybe even in a
> > documented way (although a way undesirable to the end user), still it
> > didn't look good to me. In addition, regarding all those Intel ME
> > vulnerabilities recently discovered: one could assume that at least
> > some of these "vulnerabilities" @ were actually the backdoors which
> > have been patched just because they have been discovered by someone
> > else than the American intelligence agencies who always knew them @ .
> > Now Intel has patched these "vulnerabilities", but we do not know if
> > some other "vulnerabilities" have been left unnoticed by the outsiders
> > or if some new "vulnerabilities" have been added. And we the open
> > source enthusiasts can't even verify that personally, because the
> > source code of Intel ME firmware is closed. I cannot understand, how
> > such a high level professional open source developer as you, Nico,
> > finds it okay to just trust Intel ME despite its deeply proprietary
> > nature. Management engine with a closed source proprietary firmware -
> > it even sounds awful..... I totally agree with Richard Stallman when
> > he calls Intel ME a backdoor - https://stallman.org/intel.html
> >
> > > Please read [1] and [2] very carefully, I hope even you will spot
> > > technical differences. [...] You cannot just take somebody's words
> > > and give them a different meaning just because somebody else used
> > > them in a different context. [...] You did it again, btw., stating
> > > something (definition of frontdoor) and making it look like the
> > > generally accepted definition.
> >
> > Before receiving your message I knew only one definition of a
> > "frontdoor" computing term which I described in my previous message.
> > Although I don't know which definition is more popular, sorry for
> > misunderstanding you.
> >
> > Mike
> >
> >
> > On Wed, Aug 29, 2018 at 12:24 AM Nico Huber <nico.h at gmx.de> wrote:
> > >
> > > *sigh*,
> > >
> > > On 28.08.2018 22:00, Mike Banon wrote:
> > > > You are right, my choice of words has been far from ideal. I
> > > > apologize for that. However, to be confident that Intel ME is a
> > > > backdoor (personal opinion) - one does not have to be its creator.
> > >
> > > Sorry, I meant the creator of us (God), not the ME. I doubt the creator
> > > of the ME knows everybody's opinion either. Which is what I was talking
> > > about. A good practice is to quote and answer below that quote, this
> > > way you can easily check if what you write makes sense in the given
> > > context.
> > >
> > > > I think
> > > > there are enough documents describing its functionality and enough
> > > > evidence gathered by the independent security researchers about the
> > > > suspicious activities of this hardware module. If it looks like a
> > > > duck, swims like a duck, and quacks like a duck, then it probably is
> > > > a duck?
> > >
> > > WTF again? what suspicious activities? I know, for many people the ME
> > > firmware contains unwanted features. But these features are documented.
> > > In your world, a device becomes backdoored because somebody didn't read
> > > the manual?!?
> > >
> > > > There are no technical differences between the 'backdoor', and
> > > > 'frontdoor'.
> > >
> > > Please read [1] and [2] very carefully, I hope even you will spot
> > > technical differences.
> > >
> > > > Like a 'conspiracy theorist', 'frontdoor' is a term
> > > > coming from the American 3-letter-agencies. 'Frontdoor' is their term
> > > > for a 'backdoor' to which only they (currently) have an access. This
> > > > article summarizes it well:
> > > >
> > > > https://www.justsecurity.org/16503/security-front-doors-vs-back-doors-distinction-difference/
> > > > . 'Backdoor' term has a negative reputation, so they would like to
> > > > push this 'frontdoor' term forward.
> > >
> > > This is very infantile. You cannot just take somebody's words and give
> > > them a different meaning just because somebody else used them in a
> > > different context. When I say frontdoor, I mean a door at a front where
> > > everyone can see it. A backdoor implies something hidden, the ME
> > > features were never hidden (AFAIK, a stupid OEM may prove me wrong, but I
> > > don't know any instance).
> > >
> > > You did it again, btw., stating something (definition of frontdoor) and
> > > making it look like the generally accepted definition.
> > >
> > > Nico
> > >
> > > [1] https://en.wiktionary.org/wiki/back_door
> > > [2] https://en.wiktionary.org/wiki/front_door
>
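An added example, not code from this thread, from coreboot or from intelmetool: before and after any attempt to change the ME's state (the PoC port, a HAP/soft-disable, a BootGuard experiment), the first thing worth checking is what the ME itself reports in its Host Firmware Status register 1 (HFSTS1). The decoder below uses the bit layout coreboot documents in its southbridge me.h and that util/intelmetool prints. That layout, the sysfs path /sys/class/mei/mei0/fw_status and the PCI config offset 0x40 on the HECI device 00:16.0 are assumptions to verify against your platform's documentation; the register values in it are constructed, not captured from a T450s.

```python
"""Decode the Intel ME Host Firmware Status register 1 (HFSTS1).

Added example; not code from the coreboot thread, from coreboot or from
intelmetool.  Bit layout as documented in coreboot's southbridge me.h
(assumption: check it against your platform's datasheet).  On Linux the raw
value is the first line of /sys/class/mei/mei0/fw_status, or the dword at
PCI config offset 0x40 of the HECI device, e.g. `setpci -s 00:16.0 0x40.l`.
"""
from dataclasses import dataclass

# Names follow the ME_HFS_* constants in coreboot's me.h.
WORKING_STATE = {
    0: "reset", 1: "init", 2: "recovery", 5: "normal",
    6: "disable wait", 7: "transition", 8: "invalid",
}
OPERATION_STATE = {
    0: "preboot", 1: "M0 with UMA", 2: "M3", 3: "M0 without UMA",
    4: "bringup", 5: "M0 error",
}
OPERATION_MODE = {
    0: "normal", 2: "debug", 3: "soft temporary disable",
    4: "security override via jumper", 5: "security override via MEI message",
}
ERROR_CODE = {0: "no error", 1: "uncontinuable", 2: "image failure", 3: "debug failure"}


@dataclass(frozen=True)
class Hfsts1:
    working_state: int          # bits 0-3
    mfg_mode: bool              # bit 4
    fpt_bad: bool               # bit 5
    operation_state: int        # bits 6-8
    fw_init_complete: bool      # bit 9
    ft_bup_ld_flr: bool         # bit 10
    update_in_progress: bool    # bit 11
    error_code: int             # bits 12-15
    operation_mode: int         # bits 16-19
    boot_options_present: bool  # bit 24


def decode_hfsts1(value: int) -> Hfsts1:
    """Split the 32-bit register into its documented fields."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("HFSTS1 is a 32-bit register")
    return Hfsts1(
        working_state=value & 0xF,
        mfg_mode=bool((value >> 4) & 1),
        fpt_bad=bool((value >> 5) & 1),
        operation_state=(value >> 6) & 0x7,
        fw_init_complete=bool((value >> 9) & 1),
        ft_bup_ld_flr=bool((value >> 10) & 1),
        update_in_progress=bool((value >> 11) & 1),
        error_code=(value >> 12) & 0xF,
        operation_mode=(value >> 16) & 0xF,
        boot_options_present=bool((value >> 24) & 1),
    )


def parse_fw_status(text: str) -> list:
    """Parse the sysfs fw_status file: one %08X word per line, HFSTS1 first."""
    words = [int(tok, 16) for tok in text.split()]
    if not words:
        raise ValueError("empty fw_status")
    return words


def summarize(value: int) -> dict:
    """Human-readable view of the fields a firmware developer looks at first."""
    f = decode_hfsts1(value)
    return {
        "working_state": WORKING_STATE.get(f.working_state, f"unknown({f.working_state})"),
        "operation_state": OPERATION_STATE.get(f.operation_state, f"unknown({f.operation_state})"),
        "operation_mode": OPERATION_MODE.get(f.operation_mode, f"unknown({f.operation_mode})"),
        "error": ERROR_CODE.get(f.error_code, f"unknown({f.error_code})"),
        "fw_init_complete": f.fw_init_complete,
        "manufacturing_mode": f.mfg_mode,
        "fpt_bad": f.fpt_bad,
    }


def warnings_for(value: int) -> list:
    """Conditions worth a second look before trusting what the ME reports."""
    f = decode_hfsts1(value)
    notes = []
    if f.mfg_mode:
        notes.append("manufacturing mode bit set: ME was never taken out of manufacturing mode")
    if f.fpt_bad:
        notes.append("flash partition table marked bad")
    if f.error_code:
        notes.append("error code: " + ERROR_CODE.get(f.error_code, str(f.error_code)))
    if f.operation_mode in (3, 4, 5):
        notes.append("ME is not running in normal mode: " + OPERATION_MODE[f.operation_mode])
    if f.working_state == 5 and not f.fw_init_complete:
        notes.append("normal working state but firmware init not complete")
    return notes


# Constructed sample of a fw_status file (not captured from a real machine):
# HFSTS1 first, then HFSTS2..HFSTS6, which this example does not decode.
SAMPLE_FW_STATUS = "94000245\n09F10506\n00000020\n00004000\n00000000\n00000000\n"

if __name__ == "__main__":
    hfsts1 = parse_fw_status(SAMPLE_FW_STATUS)[0]
    for key, val in summarize(hfsts1).items():
        print(f"{key:>18}: {val}")
    for note in warnings_for(hfsts1):
        print("WARNING:", note)
```

On a real machine, replace SAMPLE_FW_STATUS with the contents of /sys/class/mei/mei0/fw_status. A non-empty warnings_for() list (manufacturing mode, a non-zero error code, or an override/disable operation mode) means the ME is not in the plain normal state the discussion above takes for granted, and that is the state to record before and after a disable or exploit attempt.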