On 09/20/2016 01:31 PM, Peter Stuge wrote:
Trammell Hudson wrote:
it makes no sense to me why Intel has it shrouded in such secrecy. There is no reason that I can see for it to be undocumented.
Please do read the book. It's quick, you'll need at most three hours.
\
Interesting read - I see many problems in assuming security:
- It is too complex - Not open code - Likely back doors. - traffic with Internet without user knowing or able to see
If I want a platform to hold business and financial information, I don't want closed ME code running that can be shut down from the outside - or pass traffic that I can't see. This gets to the key reason for coreboot - and unless we can completely replace/remove the ME code - I see this as less security not more.
In an earlier time I managed some EEs and a software team - very bright folks, but they had one blind spot - they were used to being among the brightest in the room and would correctly assume that no one else would understand what they were doing. But, if you apply the resources of a nation-state or even a wealthy crime syndicate, over time they will figure it out and find a way in. The more complex, the more likely there will be a hole - intentional or not.
In my mind the risk to world financial systems from back-doors is quite real and underestimated.
With out an open BIOS I think the best advise is to keep business intellectual property isolated from the Internet. At some point we need a machine with open storage hardware firmware as well..
It would be quite different if Intel was providing information and tools to roll your own ME code. Have to assume they were made an offer they couldn't refuse to be doing what they are.
The questions I have is if this is mostly for the DRM stuff that one doesn't need in a work environment or for some 3LA.