[coreboot] Disabling Intel ME 11 via undocumented mode

[Rene Shuster]

OK, thanks for the clarification.

On Tue, Aug 29, 2017 at 4:13 PM, Timothy Pearson <
tpearson at raptorengineering.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 08/29/2017 02:57 PM, Leah Rowe wrote:
> >
> >
> > On 29/08/17 19:15, Timothy Pearson wrote:
> >> On 08/29/2017 06:10 AM, Rene Shuster wrote:
> >>> Wow.
> >
> >> My favorite part is where the NSA itself basically admits that the
> >> ME can't be trusted!  I wonder if they are looking at other
> >> architectures or if this HAP bit was enough for their needs?
> >
> >
> >
> > So is this completely disabled, and not just "neutralized"?
> >
>
> No, it's just neutralised.  The kernel, etc. are still required to boot
> the platform, it's just that the higher level userspace components are
> disabled at runtime.  So, if a flaw is found in the kernel, etc. the ME
> remains a serious security threat.
>
> - --
> Timothy Pearson
> Raptor Engineering
> +1 (415) 727-8645 (direct line)
> +1 (512) 690-0200 (switchboard)
> https://www.raptorengineering.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJZpcrLAAoJEK+E3vEXDOFbayIH/iZuAc88srpBSorCFJI52nya
> wGEqUUplz/VeqcxH6ojEIT1QA6qRrXOi+G7feMNiCOa83EwVjxOfpCsx5fP6WQIH
> iuIYElJiAQ+GpHAozLtMujRr0E+o/W+2iDl4CmwEKeXBydBlRwe2/EnhaktMtVy7
> LuHOH53dvGxW6m/8vPaulccbdJajBN7CYdkSFQ7gE+qEMZ0ryMq3JFXjEkgCp8vE
> cCkBDSSeVyuqar6ghf+IlLDFbLdt6FTKFmWupvL6A6Euveasq38WwGvjiUMiKGDq
> 5G9EjpAUGme2s4yiPdm2TAjvM8Sa5hlVLIw3tLa7YjcJMSYeKRPJz7VUhRVX7+k=
> =PMOh
> -----END PGP SIGNATURE-----
>



-- 
Tech III * AppControl * Endpoint Protection * Server Maintenance
Buncombe County Schools Technology Department Network Group
ComicSans Awareness Campaign <http://comicsanscriminal.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20170829/ab1c8618/attachment.html>