On Wed, Sep 27, 2017 at 10:10 AM, J.B. Nicholson <[email protected]> wrote:
> > > Quite; does this disable function fully and completely disable all attempts > at using any ME functionality such that nothing can re-enable the ME, or is > this disablement somehow impermanent or more limited in some way? > AFAIK the ME will start booting, see the switch, disable the watchdog that would shut the machine down in 30 minutes normally and turn itself off. > I ask because I vaguely recall that someone (Purism, perhaps?) had remote ME > accesses disabled but still allowed local accesses. This struck me as nearly > useless because such an arrangement would allow running a program to relay > ME requests and responses over a network connection (an ME proxy, > basically). > No Purism has effectively disabled the ME completely at this point. I say effectively because they have disabled everything but the BUP module. So no it doesn't have remote access and it can't run anny 3d party code. It seems like they have put this on hold and switched to porting Coreboot. But even assuming they had only disabled remote access wouldn't that mean that an attacker would need physical access to the machine instead of doing a remote attack? https://puri.sm/posts/neutralizing-intel-management-engine-on-librem-laptops/ > > _______________________________________________ > arm-netbook mailing list [email protected] > http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook > Send large attachments to [email protected] _______________________________________________ arm-netbook mailing list [email protected] http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook Send large attachments to [email protected]
