<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 02/08/17 20:43, ron minnich wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAP6exYK09kVw5z0sO19NxhB9CJ9QcOeUb_HCMuRdUA7kMTxFCA@mail.gmail.com">
<meta http-equiv="Context-Type" content="text/html; charset=UTF-8">
<div dir="ltr"><br>
<br>
<div class="gmail_quote">
<div dir="ltr">On Wed, Aug 2, 2017 at 11:48 AM Daniel Pocock
&lt;<a href="mailto:daniel@pocock.pro"
moz-do-not-send="true">daniel@pocock.pro</a>&gt; wrote:<br>
</div>
<blockquote class="gmail_quote">I understand that with
LibreBoot and one of their supported laptops it<br>
is possible to completely eliminate the risk by removing
100% of<br>
proprietary/hidden code.<br>
</blockquote>
<div><br>
</div>
<div>I'm glad they did this but ... you need to understand
that the laptop in that case is 10 years old (or is there a
newer one I missed?). There is a core set of functionality
the ME provides on newer chipsets that, as far as we know,
cannot be removed :-(</div>
<div><br>
</div>
<div> </div>
</div>
</div>
</blockquote>
For some purposes, a 10-year-old laptop is quite OK.<br>
<br>
If you want a secure environment to manage your PGP master keys, for
example, that may be a good choice (see the PGP/PKI clean room
Debian Live image).<br>
<br>
<blockquote type="cite"
cite="mid:CAP6exYK09kVw5z0sO19NxhB9CJ9QcOeUb_HCMuRdUA7kMTxFCA@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<blockquote class="gmail_quote">
<br>
However, for people who choose Coreboot, ME_Cleaner, a
Purism laptop or<br>
some other compromise, leaving in place around 90kb of the
Intel code,<br>
is there a concise way to explain the attack vectors that
they eliminate<br>
and the attack vectors that remain?<br>
</blockquote>
<div><br>
</div>
<div>Well, as Purism has pointed out, due to a bug, they only
check signing on 1/4 of that ME code (IIRC). So, if you
want, you could embed your exploits in the other 3/4. That's
about 65K. </div>
<div><br>
</div>
<div>What could you do? I am guessing a lot.</div>
<div><br>
</div>
<div>And, further, if such exploits can be done, and have been
possible for at least 10 years, it's reasonable to assume
they HAVE been done and are out there now. Bummer.</div>
</div>
</div>
</blockquote>
<br>
Just as it is never too late to give up smoking, it is never too
late to escape from mass surveillance.<br>
<br>
As a Linux user I get away with using a laptop until it is quite old
but many other people have become well and truly dependent on newer
hardware and software that has this massive backdoor in it.<br>
<br>
<blockquote type="cite"
cite="mid:CAP6exYK09kVw5z0sO19NxhB9CJ9QcOeUb_HCMuRdUA7kMTxFCA@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<div> </div>
<blockquote class="gmail_quote">
<br>
For example, I've read that Purism doesn't use
vPro-compatible wifi<br>
hardware, so my impression is they eliminate random attacks
coming in<br>
through the network and spontaneously activating Intel ME,
but if<br>
malicious code does get into Intel ME by some other means
(such as a<br>
malicious email attachment) it may still be able to hide
there<br>
indefinitely and use any network device on the machine to
call home?<br>
<br>
<br>
</blockquote>
<div>Can it get in via malicious email attachment? What's the
path for that? Seems hard but I'm willing to believe
anything nowadays after reading about all these sideband
attacks.</div>
<div><br>
</div>
</div>
</div>
</blockquote>
<br>
I assume some email attachment may be a stepping stone for a
privilege escalation attack that eventually gets into the BIOS or
HDD firmware.<br>
<br>
There is also the QR-code of death. It is like the ping of death
but it is designed for the firmware of the built-in webcam in your
laptop.<br>
<br>
Regards,<br>
<br>
Daniel<br>
<br>
</body>
</html>