On 08/29/2017 06:10 AM, Rene Shuster wrote:
> Wow.
My favorite part is where the NSA itself basically admits that the ME can't be trusted! I wonder if they are looking at other architectures or if this HAP bit was enough for their needs?
--
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com
On 29/08/17 19:15, Timothy Pearson wrote:
> On 08/29/2017 06:10 AM, Rene Shuster wrote:
>> Wow.
> My favorite part is where the NSA itself basically admits that the ME can't be trusted! I wonder if they are looking at other architectures or if this HAP bit was enough for their needs?
So is this completely disabled, and not just "neutralized"?
--
Leah Rowe
Libreboot developer and project founder.
Use free software. Free as in freedom. https://www.gnu.org/philosophy/free-sw.html
Use a free BIOS - https://libreboot.org/ Use a free operating system, GNU+Linux.
Support computer user freedom https://fsf.org/ - https://gnu.org/
Minifree Ltd, trading as Ministry of Freedom | Registered in England, No. 9361826 | VAT No. GB202190462 Registered Office: 19 Hilton Road, Canvey Island, Essex SS8 9QA, UK | Web: https://minifree.org/
http://fm.csl.sri.com/LAW/2009/dobry-law09-HAP-Challenges.pdf (linked in PTSecurity's blogpost) might have the answer to your question, but it's not accessible for me.
On Tue, Aug 29, 2017 at 3:57 PM, Leah Rowe info@gluglug.org.uk wrote:
> On 29/08/17 19:15, Timothy Pearson wrote:
>> On 08/29/2017 06:10 AM, Rene Shuster wrote:
>>> Wow.
>> My favorite part is where the NSA itself basically admits that the ME can't be trusted! I wonder if they are looking at other architectures or if this HAP bit was enough for their needs?
> So is this completely disabled, and not just "neutralized"?
> Leah Rowe
> Libreboot developer and project founder.
> Use free software. Free as in freedom. https://www.gnu.org/philosophy/free-sw.html
> Use a free BIOS - https://libreboot.org/ Use a free operating system, GNU+Linux.
> Support computer user freedom https://fsf.org/ - https://gnu.org/
> Minifree Ltd, trading as Ministry of Freedom | Registered in England, No. 9361826 | VAT No. GB202190462 Registered Office: 19 Hilton Road, Canvey Island, Essex SS8 9QA, UK | Web: https://minifree.org/
On 08/29/2017 02:57 PM, Leah Rowe wrote:
> On 29/08/17 19:15, Timothy Pearson wrote:
>> On 08/29/2017 06:10 AM, Rene Shuster wrote:
>>> Wow.
>> My favorite part is where the NSA itself basically admits that the ME can't be trusted! I wonder if they are looking at other architectures or if this HAP bit was enough for their needs?
> So is this completely disabled, and not just "neutralized"?
No, it's just neutralised. The kernel, etc. are still required to boot the platform, it's just that the higher level userspace components are disabled at runtime. So, if a flaw is found in the kernel, etc. the ME remains a serious security threat.
--
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com
OK, thanks for the clarification.
On Tue, Aug 29, 2017 at 4:13 PM, Timothy Pearson <tpearson@raptorengineering.com> wrote:
> On 08/29/2017 02:57 PM, Leah Rowe wrote:
>> On 29/08/17 19:15, Timothy Pearson wrote:
>>> On 08/29/2017 06:10 AM, Rene Shuster wrote:
>>>> Wow.
>>> My favorite part is where the NSA itself basically admits that the ME can't be trusted! I wonder if they are looking at other architectures or if this HAP bit was enough for their needs?
>> So is this completely disabled, and not just "neutralized"?
> No, it's just neutralised. The kernel, etc. are still required to boot the platform, it's just that the higher level userspace components are disabled at runtime. So, if a flaw is found in the kernel, etc. the ME remains a serious security threat.
> Timothy Pearson
> Raptor Engineering
> +1 (415) 727-8645 (direct line)
> +1 (512) 690-0200 (switchboard)
> https://www.raptorengineering.com
On 29.08.2017 at 20:15, Timothy Pearson wrote:
> On 08/29/2017 06:10 AM, Rene Shuster wrote:
>> Wow.
> My favorite part is where the NSA itself basically admits that the ME can't be trusted! I wonder if they are looking at other architectures or if this HAP bit was enough for their needs?
By the way: Do AMD-boards have a similar mechanism of evil?
On 08/30/2017 12:58 AM, Philipp Stanner wrote:
> On 29.08.2017 at 20:15, Timothy Pearson wrote:
>> On 08/29/2017 06:10 AM, Rene Shuster wrote:
>>> Wow.
>> My favorite part is where the NSA itself basically admits that the ME can't be trusted! I wonder if they are looking at other architectures or if this HAP bit was enough for their needs?
> By the way: Do AMD-boards have a similar mechanism of evil?
Yes, it is called AMD-PSP and present in the newer stuff such as AM4 and FM2+, although they did entertain the idea of providing a method to disable it in a Reddit thread which a PR guy claims the CEO paid attention to, so I suppose a corporate customer that purchases sufficient volume could convince them to actually do it. Much better than Intel's ignoring of the issue.
On 08/30/2017 07:06 AM, Taiidan@gmx.com wrote:
> Yes, it is called AMD-PSP and present in the newer stuff such as AM4 and FM2+, although they did entertain the idea of providing a method to disable it in a Reddit thread which a PR guy claims the CEO paid attention to, so I suppose a corporate customer that purchases sufficient volume could convince them to actually do it. Much better than Intel's ignoring of the issue.
Sounds more like Intel designed the thing to be disabled by the NSA for their use, but hiding the fact very well so that the same NSA are able to use some possibly yet unknown integrated backdoor to hack into everybody else's machines.