I wonder if anyone ever completely trusted AMT - maybe some naive excessive cool-aid drinkers :)

-vb

On Tue, May 2, 2017 at 11:27 AM, ron minnich <rminnich@gmail.com> wrote:
I wonder if anyone is going to completely trust AMT after this problem. It goes back almost 10 years. So for all those users who had it on for almost 10 years, the question becomes, how much did we lose and when did we lose it? The answer? We'll never know. Are we still owned? We don't know. Can we actually trust any reflash procedure, if the ME is owned while we try to reflash? Well, I hope so, but how can we know? 

It's a worrisome situation.

ron

On Tue, May 2, 2017 at 11:01 AM Patrick Georgi via coreboot <coreboot@coreboot.org> wrote:
Semi-Accurate only claims accuracy according to what's on the box. The
official documentation of the issue can be found at
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075

It looks like a software bug in the AMT firmware. Therefore:
- No AMT (eg on non-business consumer devices) -> no (bug | exploit).
- Present but disabled AMT (eg. on business devices without AMT
enrollment) -> no (bug | exploit). (although there's apparently a way
to enable AMT unsupervised under some circumstances with some level of
local access. or something.)


Patrick

2017-05-02 19:31 GMT+02:00 John Lewis <jlewis@johnlewis.ie>:
> https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
>
> The article says "all" Intel boards since 2008 are locally vulnerable
> (ME exploit), but the Intel advisory (linked within) says consumer
> devices are okay.
>
> What the article says about even low end devices still having the
> features albeit turned "off" rings true to me, based on stuff I've read
> here and elsewhere. What's your take (bearing in mind the technical
> details aren't available, yet)?
>
>
> --
> coreboot mailing list: coreboot@coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot



--
Google Germany GmbH, ABC-Str. 19, 20354 Hamburg
Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg
Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle

--
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

--
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot