[coreboot] T450S + Coreboot

Youness Alaoui kakaroto at kakaroto.homelinux.net
Wed Aug 29 23:41:11 CEST 2018


 Wow, Mike, seriously, I am going to side 100% with Nico, you are
spreading FUD, making your own personal opinions (which are themselves
derived from other people's FUD) and stating them as the universal
law.
The ME is not known to be a backdoor. It doesn't mean that it's not a
backdoor, it simply means that it's not known to be a backdoor. The
fact that it's closed source and not user-controlled (Even if you had
the sources, you can't modify them and update it to your custom ME
version) is where the problem actually is. There *might* be a backdoor
hidden somewhere in there, or maybe there isn't, nobody knows, but
there has been a lot of research done on the ME and so far, none have
been found as far as I know.

Your worry about what the ME does, how it can give someone control
over the PC, etc.. are NOT what qualifies it as a "backdoor", but like
Nico said, it's a frontdoor, it's not a "hidden access", it's a
"promoted access" to the PC, it's the main ME functionality which is
well documented. You don't have to use some "only known to some secret
person" trick to access the ME, you just need to point your web
browser to the right port on localhost.
Your comparison of saying the ME is a backdoor is like saying that a
webcam is a spying device because it can capture images of you! Yeah,
sure, that's technically true, it can capture images of you, but only
after you plug it in and open an image capture software, and you still
have control of those images. The fact that the webcam schematics
isn't open means that it could still have a small wifi or GSM chip
embedded inside which makes it send the images to the CIA, but it's
not a guarantee that it does. So, yes, you can complain that the
webcam isn't open hardware so you can't technically trust what it
does, but you can't just come out and say with absolute certainty that
any and all webcams in the world are spying devices for the CIA,
that's just ridiculous.

So, back to the ME, we know exactly what it does, it's all extremely
well documented and explained, the fact that it allows remote control
of the PC is actually the reason for its existence and it's a very
very valid reason in the corporate context and the fact that those
features also 'coincidentally' resemble the features of an actual
'trojan horse' virus, doesn't mean that the ME itself is a virus..
otherwise the 'rm' linux command would be considered a virus since it
deletes files and there are some viruses that can delete your files as
well....
Now the problem is that it's closed source, and not user controlled
(remote control features *are* user controlled, I'm talking about
being able to replace the firmware with your own), so yes, it can't be
audited by the larger open source community, but that also doesn't
guarantee any security necessarily (how many open source programs
still have security bugs?).

Either way, you yourself said earlier, when talking about the AtomBIOS
that "it could be disassembled quite well with AtomDis -
https://github.com/mikebdp2/AtomDis - reducing any security concerns
regarding this blob to a minimum.", well, the ME can be disassembled
with any x86 disassembler, so why can't you also say that "reduces any
security concerns regarding the ME to a minimum".

We're about to get full control back of the ME. I've been working for
the past few weeks on reproducing the PTResearch buffer overflow
exploit on the ME, and yesterday they released a PoC for Apollolake
(in case you missed it : https://github.com/ptresearch/IntelTXE-PoC),
so with the progress I made and with that, I should be able to soon
port it to skylake (and write docs on how to port to other platforms
as well) which will at least give us the ability to gain back the
'user-controlled' aspect of it as we'd have code execution on it.
Which by the way, also means that BootGuard can be disabled (since the
ME is the one checking for the boot guard signatures), which should
enable the ability to port coreboot to a lot more machines (including
the T450S that this thread is supposed to be about). Hopefully....

On Wed, Aug 29, 2018 at 5:50 AM Mike Banon <mikebdp2 at gmail.com> wrote:
>
> > What suspicious activities? I know, for many people the Intel ME firmware
> > contains unwanted features. But these features are documented.
> > In your world, a device becomes backdoored because somebody
> > didn't read the manual?!?
>
> Somewhere I've seen a report about Intel ME suspicious network
> activities (if I remember correctly they were using Wireshark on a PC
> placed between a computer with ME and the outside network) which has
> affected my personal opinion. Although it could be argued that its
> just some OEM has set up their ME in such a way, maybe even in a
> documented way (although a way undesirable to the end user), still it
> didn't look good to me. In addition, regarding all those Intel ME
> vulnerabilities recently discovered: one could assume that at least
> some of these "vulnerabilities" @ were actually the backdoors which
> have been patched just because they have been discovered by someone
> else than the american intelligence agencies who always knew them @ .
> Now Intel has patched these "vulnerabilities", but we do not know if
> some other "vulnerabilities" have been left unnoticed by the outsiders
> or if some new "vulnerabilities" have been added. And we the open
> source enthusiasts can't even verify that personally, because the
> source code of Intel ME firmware is closed. I cannot understand, how
> such a high level professional open source developer as you, Nico,
> finds it okay to just trust Intel ME despite its' deeply proprietary
> nature. Management engine with a closed source proprietary firmware -
> it even sounds awful..... I totally agree with Richard Stallman when
> he calls Intel ME a backdoor - https://stallman.org/intel.html
>
> > Please read [1] and [2] very carefully, I hope even you will spot
> > technical differences. [...] You cannot just take somebody's words
> > and give them a different meaning just because somebody else used
> > them in a different context. [...] You did it again, btw., stating something
> > (definition of frontdoor) and making it look like the generally accepted definition.
>
> Before receiving your message I knew only one definition of a
> "frontdoor" computing term which I described in my previous message.
> Although I don't know which definition is more popular, sorry for
> misunderstanding you.
>
> Mike
>
>
> On Wed, Aug 29, 2018 at 12:24 AM Nico Huber <nico.h at gmx.de> wrote:
> >
> > *sigh*,
> >
> > On 28.08.2018 22:00, Mike Banon wrote:
> > > You are right, my choice of words has been far from ideal. I apologize
> > > for that. However, to be confident that Intel ME is a backdoor
> > > (personal opinion) - one does not have to be its' creator.
> >
> > sorry I meant the creator of us (God) not the ME. I doubt the creator
> > of the ME knows everybody's opinion either. Which is what I was talking
> > about. A good practice is to quote and answer below that quote, this way
> > you can easily check if what you write makes sense in the given context.
> >
> > > I think
> > > there are enough documents describing its' functionality and enough
> > > evidence gathered by the independent security researchers about the
> > > suspicious activities of this hardware module. If it looks like a
> > > duck, swims like a duck, and quacks like a duck, then it probably is a
> > > duck?
> >
> > WTF again? what suspicious activities? I know, for many people the ME
> > firmware contains unwanted features. But these features are documented.
> > In your world, a device becomes backdoored because somebody didn't read
> > the manual?!?
> >
> > > There are no technical differences between the 'backdoor', and
> > > 'frontdoor'.
> >
> > Please read [1] and [2] very carefully, I hope even you will spot tech-
> > nical differences.
> >
> > > Like a 'conspiracy theorist', 'frontdoor' is a term
> > > coming from the american 3-letter-agencies. 'Frontdoor' is their term
> > > for a 'backdoor' to which only they (currently) have an access. This
> > > article summarizes it well:
> > > https://www.justsecurity.org/16503/security-front-doors-vs-back-doors-distinction-difference/
> > > . 'Backdoor' term has a negative reputation, so they would like to
> > > push this 'frontdoor' term forward.
> >
> > This is very infantile. You cannot just take somebody's words and give
> > them a different meaning just because somebody else used them in a dif-
> > ferent context. When I say frontdoor, I mean a door at a front where
> > everyone can see it. A backdoor implies something hidden, the ME fea-
> > tures were never hidden (AFAIK, a stupid OEM may prove me wrong, but I
> > don't know any instance).
> >
> > You did it again, btw., stating something (definition of frontdoor) and
> > making it look like the generally accepted definition.
> >
> > Nico
> >
> > [1] https://en.wiktionary.org/wiki/back_door
> > [2] https://en.wiktionary.org/wiki/front_door



More information about the coreboot mailing list