[coreboot] Remote security exploit in all 2008+ Intel platforms

[Timothy Pearson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/01/2017 03:15 PM, Rene Shuster wrote:
> Yes Puri.sm has been debunked. Can someone confirm that if you want
> recent hardware without Intel ME then Chromebooks with MrChromebox.tech
> SeaBIOS ( https://mrchromebox.tech/#devices ) is the way to go?
> 

No, that is not the way to go.  Those machines still require the ME (or
a "cleaned" ME) to operate.  The "cleaned" ME is still suspect in my
book due to the fact that we have no idea what mode the ME hardware is
operating in, combined with the fact that Intel would have no
responsibility for any data breaches arising from a "cleaned" ME since
the hardware is operating in a mode it was never intended to operate in
outside of potentially Intel's facilities.

If you want to avoid the ME, you will need to switch to ARM or POWER or
use older x86 hardware from the 2012 era.  The ARM Chromebooks aren't
bad, but I personally find the keyboard and trackpad on the ASUS models
lacking.

- -- 
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJZB5muAAoJEK+E3vEXDOFbGn8H/Az6let+sT1qB84iU+XZ+Zmu
eGCUCeeG25E99QYf0h4mTkzmlsWijWNKxsqeoD3zDeku67ANBEmG2QO0Lsde21k+
vFqggIR2nh0+552j1xVRZPAkQlJyGkTSeCkyTTq8qb1VmSXJJuhpfTmIAzX9rdSG
xPVI/8elBDPE05P33fOlBEyOs1K3ADKyJRO7MpWvw+I1ppcVqlPz1CwEgDuqAfcq
gQzyzSvLla2o2anGSPS3ht5xXSgnocCsgOSMeKPMUtC9rciH7zVimMng9qbwbMxZ
yenI0Lt11NsTsAAsZd4nDczc8SSOtSt99a0GpWp5w0V7KYp/bdLNH1tILap4cm0=
=uP7X
-----END PGP SIGNATURE-----