[coreboot] how effective is neutralizing Intel ME/AMT/vPro?

Daniel Pocock daniel at pocock.pro
Wed Aug 2 20:46:43 CEST 2017


I've seen various web sites about ME_Cleaner[1] and also the
strategies[2] used by Purism to avoid Intel ME/AMT/vPro.

I understand that with Libreboot and one of their supported laptops it
is possible to completely eliminate the risk by removing 100% of
proprietary/hidden code.

However, for people who choose coreboot, ME_Cleaner, a Purism laptop or
some other compromise, leaving in place around 90kb of the Intel code,
is there a concise way to explain the attack vectors that they eliminate
and the attack vectors that remain?

For example, I've read that Purism doesn't use vPro-compatible wifi
hardware, so my impression is they eliminate random attacks coming in
through the network and spontaneously activating Intel ME, but if
malicious code does get into Intel ME by some other means (such as a
malicious email attachment) it may still be able to hide there
indefinitely and use any network device on the machine to call home?

Regards,

Daniel


1. https://github.com/corna/me_cleaner
2. https://puri.sm/learn/avoiding-intel-amt/




