[coreboot] Anyone got an opinion, technical or otherwise, on this?
Vadim Bendebury
vbendeb at chromium.org
Tue May 2 23:56:33 CEST 2017
I wonder if anyone ever completely trusted AMT - maybe some naive excessive
cool-aid drinkers :)
-vb
On Tue, May 2, 2017 at 11:27 AM, ron minnich <rminnich at gmail.com> wrote:
> I wonder if anyone is going to completely trust AMT after this problem. It
> goes back almost 10 years. So for all those users who had it on for almost
> 10 years, the question becomes, how much did we lose and when did we lose
> it? The answer? We'll never know. Are we still owned? We don't know. Can we
> actually trust any reflash procedure, if the ME is owned while we try to
> reflash? Well, I hope so, but how can we know?
>
> It's a worrisome situation.
>
> ron
>
> On Tue, May 2, 2017 at 11:01 AM Patrick Georgi via coreboot <
> coreboot at coreboot.org> wrote:
>
>> Semi-Accurate only claims accuracy according to what's on the box. The
>> official documentation of the issue can be found at
>> https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075
>>
>> It looks like a software bug in the AMT firmware. Therefore:
>> - No AMT (eg on non-business consumer devices) -> no (bug | exploit).
>> - Present but disabled AMT (eg. on business devices without AMT
>> enrollment) -> no (bug | exploit). (although there's apparently a way
>> to enable AMT unsupervised under some circumstances with some level of
>> local access. or something.)
>>
>>
>> Patrick
>>
>> 2017-05-02 19:31 GMT+02:00 John Lewis <jlewis at johnlewis.ie>:
>> > https://semiaccurate.com/2017/05/01/remote-security-exploit-
>> 2008-intel-platforms/
>> >
>> > The article says "all" Intel boards since 2008 are locally vulnerable
>> > (ME exploit), but the Intel advisory (linked within) says consumer
>> > devices are okay.
>> >
>> > What the article says about even low end devices still having the
>> > features albeit turned "off" rings true to me, based on stuff I've read
>> > here and elsewhere. What's your take (bearing in mind the technical
>> > details aren't available, yet)?
>> >
>> >
>> > --
>> > coreboot mailing list: coreboot at coreboot.org
>> > https://mail.coreboot.org/mailman/listinfo/coreboot
>>
>>
>>
>> --
>> Google Germany GmbH, ABC-Str. 19, 20354 Hamburg
>> Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft:
>> Hamburg
>> Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle
>>
>> --
>> coreboot mailing list: coreboot at coreboot.org
>> https://mail.coreboot.org/mailman/listinfo/coreboot
>
>
> --
> coreboot mailing list: coreboot at coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20170502/19001024/attachment.html>
More information about the coreboot
mailing list