-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
While dell has not gone into detail on this offering, from what has been described it is highly likely that they were setting the HAP bit. Unfortunately Dell has been billing this as a "inactive" ME when the truth is something else: apparently the ME is still vulnerable even with the HAP bit set [1], for instance.
In general there is a lot of confusion as to the ME and what me_cleaner / the HAP bit can do. To clear it up:
* Intel does not offer ME-free hardware to _anyone_, ever. The closest they ever came was the HAP bit.
* A ME with me_cleaner applied and the HAP bit set is _not_ disabled. It is limited compared to a stock ME but most definitely active and involved with system boot and possibly runtime, and it remains a serious security threat.
[1] https://twitter.com/rootkovska/status/938458875522666497
On 12/07/2017 03:29 PM, echelon@free.fr wrote:
Hello, First I apologize in advance for introducing some "off topic" noise in the coreboot mailing list, but I would like to point to you a story which was posted on slashdot 4 days ago : https://hardware.slashdot.org/story/17/12/03/2113220/dell-begins-offering-la... . So I have some questions to the coreboot community regarding this story (if you have the time and if you bother to read it..) :
- I know that the aim of the coreboot project is to produce a fully open-source firmware alternative (and I fully subscript to this noble aim!..), but if we put ourselves in the place of a (corporate?) end-user, who NEEDS the security of a system with "features" like ME or PSP DISABLED, isn't "buying" the option "ME disabled" straight from the vendor a viable solution?.. Or in other words (I hope that I will avoid getting sued for this.. ;-)) : do you think that "buying" this advertised "option" is as reliable as say .. using open source tools like me_cleaner (DIY approach)?..
- And a more "politically sensitive" question (you can simply ignore it if it is too dangerous to answer..): do you think that Intel is somewhat .. "collaborative" (or at least indifferent..) to this new initiative of Dell or System76?..
Thanks in advance for your answers, Florentin Demetrescu
- -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) https://www.raptorengineering.com