On 09/20/2016 01:31 PM, Peter Stuge wrote:
Trammell Hudson wrote:
it makes no sense to me why Intel has it shrouded in such secrecy.
There is no reason that I can see for it to be undocumented.


Please do read the book. It's quick, you'll need at most three hours.

http://www.apress.com/9781430265719
\

Interesting read - I see many problems in assuming security:

- It is too complex
- Not open code
- Likely back doors.
- traffic with Internet without user knowing or able to see


If I want a platform to hold business and financial information, I don't want closed ME code running that can be shut down from the outside - or pass traffic that I can't see. This gets to the key reason for coreboot - and unless we can completely replace/remove the ME code - I see this as less security not more.

In an earlier time I managed some EEs and a software team - very bright folks, but they had one blind spot - they were used to being among the brightest in the room and would correctly assume that no one else would understand what they were doing. But, if you apply the resources of a nation-state or even a wealthy crime syndicate, over time they will figure it out and find a way in. The more complex, the more likely there will be a hole - intentional or not.

In my mind the risk to world financial systems from back-doors is quite real 
and underestimated.

With out an open BIOS I think the best advise is to keep business intellectual property isolated from the Internet. At some point we need a machine with open storage hardware firmware as well..

It would be quite different if Intel was providing information and tools to roll your own ME code. Have to assume they were made an offer they couldn't refuse to be doing what they are.

The questions I have is if this is mostly for the DRM stuff that one doesn't need in a work environment or for some 3LA.


--
--------------------------------------------------------------------------------
Link to our website and get free US-48 shipping on your next order.

Karl Schmidt                                  EMail k...@xtronics.com
Transtronics, Inc.                              WEB 
https://secure.transtronics.com
3209 West 9th Street                             Ph (785) 841-3089
Lawrence, KS 66049                              FAX (785) 841-3089

If you are not part of the solution, you are part of the precipitate.
--------------------------------------------------------------------------------

--
coreboot mailing list: coreboot@coreboot.org
https://www.coreboot.org/mailman/listinfo/coreboot

Reply via email to