-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 12/08/2017 08:40 AM, Alberto Bursi wrote:
On 12/08/2017 02:59 PM, Timothy Pearson wrote:
That's just the HAP bit. The ME is limited but NOT disabled, and the remaining stubs are still hackable [1].
Neither the ME or the PSP can ever be removed from their respective systems. They can both be limited to some extent, but to call either of them "disabled" is rather far from the truth.
Hacking them requires being able to write in the SPI flash, or to have buggy UEFI firmware. Which means most systems are still vulnerable.
But it is also true that if someone can hack UEFI he pwns you anyway, even without ME.
So imho ME with the HAP bit can be called "disabled", although the fight isn't over as ME isn't the only thing that was a threat anyway.
I guess I still disagree with the use of the word "disabled". If the ME wasn't required for boot, and was actually disabled within a few cycles of its CPU starting, the remaining attack surface simply wouldn't exist. This is not what happens though, and AFAIK even the ME kernel continues to run since the ME needs to continue handling platform power events. If this many holes are present in even the ROM code, then having the ME kernel running remains a massive security problem.
Pretty much every computing platform, with the exception of some of the ARM SBCs with key fuses or Talos with FlexVer, are vulnerable to attack via Flash reprogramming, so I agree that this in and of itself should not be a disqualifier for many use cases. I simply take issue with calling the ME "disabled" when the reality is very different.
- -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) https://www.raptorengineering.com