Hi Yannik,
On 17.01.19 13:46, Yannik Catalinac wrote:
Being closed source, this firmware may contain backdoors or help the backdoor-like functionality of Intel ME. So yes, this is a privacy-concerning thing.
Well, don't use modern controllers (ethernet, USB, etc.) if you don't want proprietary firmware in them. But that's far from the original question...
To sum it up, I have 4 possibilities:
- Live without ethernet firmware and without internet
The ethernet firmware, if any, is part of the chipset and can't be removed. You can only remove its configuration data.
- Use the untrusted ethernet firmware with a small risk in terms of security/privacy
The bigger risk wrt. Intel's integrated ethernet is that the ME has a device driver for it. me_cleaner can remedy this, in theory (it still leaves unerasable ME firmware in a ROM where it's unknown if it contains an ethernet driver).
- Don't use the ethernet firmware and only use a free miniPCIe Wifi card? Is this possible?
I'm not sure if such a card exists. There are WiFi cards with free OS drivers (e.g. ath9k), but I would expect them to run some sort of firmware, too. Though, I don't see how that matters. The hardware vendors can deceive you; while it makes it easier, they don't need firmware for that.
- Don't use the ethernet firmware and only use a free USB Wifi stick
USB at least doesn't give the WiFi full memory access by default. But regarding firmware see 3.
Also worth mentioning, you don't have to add this file or any related file (ME, IFD) into coreboot. This option is only for people that want to put everything into a single file to flash at once. You can instead just write coreboot only, to the respective BIOS region in flash. And leave everything else intact.
But then I can't disable Intel ME and can't use me_cleaner? If I read correctly: when you disable Intel ME, you have to insert IFD and GbE into coreboot?
If you want to do all of that in one go and let the coreboot `make` do the ME cleaning, yes.
Btw, do I also have to insert EC firmware then?
No, the T530 has its EC firmware in a separate flash.
Nico