[coreboot] Remote security exploit in all 2008+ Intel platforms

Taiidan at gmx.com Taiidan at gmx.com
Mon May 1 19:35:36 CEST 2017


I don't like that article because they shill for purism at the end.

Nothing that purism does is special they're just an overpriced quanta 
laptop that they ran someone elses tools on - they'll never figure out 
how to really disable ME because it can't be done.

I can't understand why they didn't just go with a realistic option that 
can be free such as FM2.

On 05/01/2017 01:13 PM, Timothy Pearson wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 05/01/2017 11:16 AM, persmule wrote:
>> We could just remove or cleanse <https://github.com/corna/me_cleaner>
>> the ME to seal this loophole.
> This particular hole, perhaps.  Do we know that "cleansing" the ME
> doesn't simply introduce a bigger hole?  Why are the non-removable bits
> so heavily obfuscated, anyway?
It is disturbing that intel is so evasive on the ME question, why is it 
present on every platform even consumer ones that lack remote management 
anyway? (besides the DRM stuff no one uses like PAVP)
> The ME is bad news from a security perspective, period.  Security
> conscious organisations, or those handling high value data, should not
> be using Intel products (unless perhaps they have a signed financial
> guarantee of data privacy and integrity from Intel...)
>
> - -- 
> Timothy Pearson
> Raptor Engineering
> +1 (415) 727-8645 (direct line)
> +1 (512) 690-0200 (switchboard)
> https://www.raptorengineering.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJZB2yrAAoJEK+E3vEXDOFboYUH/i00HzanuLFUOyBJxHt+AFtJ
> //nV6o+1h9H7u4RmoH3kQXzIJB8KXhrhkFH0SYIJtrQGswjDMPp0FIpWa/slRwym
> NqmaTKKpBivJzfBHTv/UQJ0tp4IddVuhyF8eKvDb6R/hM76RlFGsQ4aZoqq88UD4
> ZzizORd1ktmO8Qe2waxYds9Mi8pUj/wGyjOdGFWEbOs0Syw/k1azSsng+8wR72y1
> Fn37VMku/GChTM6bjw1zrObUVOm77QO5FD/5OqvC8H+ruyTqSPHwunUUd+z6DGby
> Bw0ZKidi0+kqhPiPY76duEhVDkaiy9YinH66p5EQW4B5bJGNn03lhSJERnR5jVc=
> =9hlc
> -----END PGP SIGNATURE-----
>




More information about the coreboot mailing list