[coreboot] Hardware vendors offering systems with Intel ME disabled

Taiidan at gmx.com Taiidan at gmx.com
Fri Dec 8 03:04:48 CET 2017


Companies such as dell and purism that purport to offer a "safe" 
"disabled" ME/PSP are being dishonest - there is no way to disable 
something so integral by design to the boot process of modern x86-64 
platforms.

If for once there is an organization that cares about security they can 
buy a pre-PSP AMD system, select ARM systems and of course POWER - if 
they have truly valuable IP the cost for an owner controlled POWER 
system such as the TALOS 2 that lasts a decade and doesn't have 
"surprises" is a great deal.

There are already boards that have "fully open source firmware" you just 
aren't hearing about them, excluding development boards - the TALOS 2, 
Novena and KCMA-D8/KGPE-D16 systems fit in to this category (I play 
modern games on my D16, so one isn't stuck with chintzy ARM PC's)

Considering the level of IT waste in the average company there is always 
more than enough money to buy real security it just isn't allocated 
properly.

Vendor guarantees (which here you lack) are bogus and will never hold up 
in court - contrary to the goals of the bean counters who think they can 
outsource risk to a vendor ("no we don't need to worry about IT security 
its all in the cloud and someone elses problem")


If I was an IT manager I would be running me cleaner right now and 
looking in to non-x86 computers, I wouldn't be that thinking $20 to dell 
per/pc solves the issue.



More information about the coreboot mailing list