[coreboot] Intel ME Question

Igor Skochinsky skochinsky at mail.ru
Sat Dec 24 10:50:42 CET 2016

Hello bancfc,

Friday, December 23, 2016, 9:13:16 PM, you wrote:

boo> Hi,

boo> Seeing that many of you know a lot about Intel's ME I wanted to ask a 
boo> couple of things if its ok.

boo> * Is the ME network accessible on all Intel chips or only the vPro ones
boo> with AMT?

IIRC there were some mobile variants which had access to the wireless
3G chip (for Anti-Theft) but AFAIK this functionality has been dropped.
From what I've seen in the common firmwares, only the corporate/AMT (5MB) firmwares include the
networking stack.

boo> * I saw an interesting take on this in the link below, instead of the 
boo> usual FUD surrounding this topic whenever its mentioned. What is your 
boo> take on what he says?

boo> https://www.reddit.com/r/onions/comments/5i6qa3/can_the_nsafbi_use_intel_me_to_defeat_tor_on_95/

I call FUD on the "keys being traded underground". I highly doubt that
even Intel is careless enough to expose the ME signing keys in the
clear. Most likely they use a HSM for signing firmwares and the actual keys never
leave it. What  I *could* buy (but doubt it happened) is that they may
have signed some specific firmwares "on special request". In any case,
the NSA etc. do not need ME to achieve their goals - there are plenty of other
low-hanging fruits starting with good old phishing/social engineering
and multitude of  OS/application bugs.

 Igor                            mailto:roxfan at skynet.be

More information about the coreboot mailing list