Hi Yannik, On 17.01.19 13:46, Yannik Catalinac wrote: >> Being a closed source this firmware may contain the backdoors or help >> the backdoor-like functionality of intel me. So yes, this is a privacy >> concerning thing. >>> Well, don't use modern controllers (ethernet, USB, etc.) if you don't >>> want proprietary firmware in them. But that's far from the original >>> question... > > To sum it up, I have 4 possibilities: > 1. Live without ethernet firmware and without internet
the ethernet firmware, if any, is part of the chipset and can't be removed. You can only remove its configuration data. > 2. Use the untrusted ethernet firmware with a small risk in terms of > security/privacy The bigger risk wrt. Intel's integrated ethernet is that the ME has a device driver for it. me_cleaner can remedy this, in theory (it still leaves unerasable ME firmware in a ROM where it's unknown if it contains an ethernet driver. > 3. Don't use the ethernet firmware and only use a free miniPCIe Wifi card? Is > this possible? I'm not sure if such a card exists. There are WiFi cards with free OS drivers (e.g. ath9k), but I would expect them to run some sort of firm- ware, too. Though, I don't see how that matters. The hardware vendors can deceive you; while it makes it easier, they don't need firmware for that. > 4. Don't use the ethernet firmware and only use a free USB Wifi stick USB at least doesn't give the WiFi full memory access by default. But regarding firmware see 3. > >> Also worth to mention, you don't have to add this file or any related >> file (ME, IFD) into coreboot. This option is only for people that want >> to put everything into a single file to flash at once. You can instead >> just write coreboot only, to the respective BIOS region in flash. And >> leave everything else intact. > > But than I can't disable Intel ME and can't use me_cleaner? > If I read correctly: when you disable Intel ME, you have to insert IFD and > GbE into coreboot? If you want to do all of that in one go and let the coreboot `make` do the ME cleaning, yes. > Btw, do I also have to insert EC firmware than? No, the T530 has its EC firmware in a separate flash. Nico _______________________________________________ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
