[coreboot] T450S + Coreboot

Youness Alaoui kakaroto at kakaroto.homelinux.net
Mon Sep 10 22:49:37 CEST 2018


On Sat, Sep 8, 2018 at 2:31 PM Peter Stuge <peter at stuge.se> wrote:
>
> Youness Alaoui wrote:
> > So, back to the ME, we know exactly what it does, it's all extremely
> > well documented and explained
>
> I disagree with this.
>
> It is absolutely true that *some* of what the ME does is extremely well
> documented and explained by the vendor, web services APIs and all, but
> I would argue that in fact *most* of what the ME does is *not* documented
> by the vendor, nor by independent research.
>
I mostly agree, I was referring to Mike's talk about the remote
control features, so yes, I should have said "AMT is well documented",
but yes, there are huge portions of what the ME itself does (such as
the power on sequence, or what/how it sets some registers) which are
totally undocumented.
So yes, even if we don't know exactly what the ME does during the
power sequence (among other things), we still know that "it
initializes hardware", we just don't know how it achieves that task.
So we know "what it does", but we don't know "exactly what it does"
and we don't know "how it does it", which is where I was wrong in my
previous statement.

However, we need to differentiate between "this ME is something
obscure that we have no idea what it's for" versus "we know what this
ME thing is supposed to be for or what it's supposed to be doing, we
just have no way to be sure that it doesn't do anything else or that
it does what it's supposed to".
I disagree with the idea that the ME is this black box, this sort of
"hidden spy device" that gives full remote capabilities to some
unknown entity in the same way that I would disagree that because MS
Windows is closed source that any Windows machine is fully
remote-controlled by M$ employees at any time or that the OS is
commissioned by the CIA or whatever. I do agree that because it's
closed source, we can't know whether it is or not, but it's just not a
guarantee that it is.


> Since the ME is colocated with the x86 VM host, has access to all x86 VM
> memory *and* is a proprietary machine or subsystem I actually don't
> believe that we will ever "know exactly what it does".
>
Well, we could know, if we reverse engineer its code from the maskrom
to the BUP, but yes, it would be very hard to fully know for certain.
Besides, I'd assume that anything malicious would probably be written
in silicon rather than in reverse-engineerable code. So I'd apply the
same idea to the whole PCH/CPU. The major problem with the ME when
compared to my previous comparison with MS Windows is that we can
chose Linux instead of Windows, but we can't choose to disable or to
use a custom ME firmware (i.e: the not-user-controlled issue).

>
> > Now the problem is that it's closed source, and not user controlled
>
> Right.
>
>
> //Peter
>
> --
> coreboot mailing list: coreboot at coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot



More information about the coreboot mailing list