[coreboot] Experiments with disabling the ME on Sandybridge x230

Karl Schmidt karl at xtronics.com
Tue Sep 20 21:46:34 CEST 2016

On 09/20/2016 01:31 PM, Peter Stuge wrote:
> Trammell Hudson wrote:
>> it makes no sense to me why Intel has it shrouded in such secrecy.
>> There is no reason that I can see for it to be undocumented.
> Please do read the book. It's quick, you'll need at most three hours.
> http://www.apress.com/9781430265719

Interesting read - I see many problems in assuming security:

- It is too complex
- Not open code
- Likely back doors
- Traffic with the Internet without the user knowing or being able to see it

If I want a platform to hold business and financial information, I don't want closed ME code running 
that can be shut down from the outside - or pass traffic that I can't see. This gets to the key 
reason for coreboot - and unless we can completely replace/remove the ME code - I see this as less 
security, not more.

In an earlier time I managed some EEs and a software team - very bright folks, but they had one 
blind spot - they were used to being among the brightest in the room and would correctly assume that 
no one else would understand what they were doing. But, if you apply the resources of a 
nation-state or even a wealthy crime syndicate, over time they will figure it out and find a way in. 
The more complex, the more likely there will be a hole - intentional or not.

In my mind the risk to world financial systems from back-doors is quite real and underestimated.

Without an open BIOS I think the best advice is to keep business intellectual property isolated 
from the Internet. At some point we need a machine with open storage hardware firmware as well.

It would be quite different if Intel was providing information and tools to roll your own ME code. 
Have to assume they were made an offer they couldn't refuse to be doing what they are.

The question I have is whether this is mostly for the DRM stuff that one doesn't need in a work 
environment, or for some 3LA.


Karl Schmidt                                  EMail Karl at xtronics.com
Transtronics, Inc.                              WEB https://secure.transtronics.com
3209 West 9th Street                             Ph (785) 841-3089
Lawrence, KS 66049                              FAX (785) 841-3089

If you are not part of the solution, you are part of the precipitate.
