On Wed, Aug 2, 2017 at 11:48 AM Daniel Pocock <dan...@pocock.pro> wrote:
> I understand that with LibreBoot and one of their supported laptops it
> is possible to completely eliminate the risk by removing 100% of
> proprietary/hidden code.

I'm glad they did this but ... you need to understand that the laptop in that case is 10 years old (or is there a newer one I missed?). There is a core set of functionality the ME provides on newer chipsets that, as far as we know, cannot be removed :-(

> However, for people who choose Coreboot, ME_Cleaner, a Purism laptop or
> some other compromise, leaving in place around 90kb of the Intel code,
> is there a concise way to explain the attack vectors that they eliminate
> and the attack vectors that remain?

Well, as Purism has pointed out, due to a bug, they only check signing on 1/4 of that ME code (IIRC). So, if you want, you could embed your exploits in the other 3/4. That's about 65K. What could you do? I am guessing a lot. And, further, if such exploits can be done, and have been possible for at least 10 years, it's reasonable to assume they HAVE been done and are out there now. Bummer.

> For example, I've read that Purism doesn't use vPro-compatible wifi
> hardware, so my impression is they eliminate random attacks coming in
> through the network and spontaneously activating Intel ME, but if
> malicious code does get into Intel ME by some other means (such as a
> malicious email attachment) it may still be able to hide there
> indefinitely and use any network device on the machine to call home?

Can it get in via malicious email attachment? What's the path for that? Seems hard but I'm willing to believe anything nowadays after reading about all these sideband attacks.
-- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot