On Mon, Nov 25, 2019 at 11:55:11AM +0000, grizzlyuser wrote: > On Saturday, November 23, 2019 7:04 PM, bill-auger > <[email protected]> wrote: > > > i had the same thought recently too - grizzlyuser has also been > > very helpful > > It's very pleasant to see myself mentioned in this thread! Seing > dedication of Parabola hackers to the project inspired me to do > my small contributions. I'd be happy to be more involved. > > However I'm not sure if it'd be appropriate for me to package > anything, because my laptop contains Intel Management Engine. > It's not clear if there's any practical need for IME to mess > with built binaries / packages. Although manufacturer (Dell) > claims ME is disabled in my configuration, intelmetool utility > says otherwise, and I haven't yet taken the risk of bricking my > only computer by using me_cleaner to neutralize IME.
The IME is a local concern and not a remote one. Someone would have to be on your local network segment to Futz with the machine and that is only if you are using one of the "blessed" NICs (like the built in Ethernet or wifi). We also have a build host "Beefcake" that you could build things on if you are still worried. A lot has been made of the IME because of its ring -3 ness But any maliciousness is theoretical at best (bugginess has been proven. But no one has found code that would do thing all on its own). And as I said above to use it as a backdoor someone has to directly access the machine or be on the same network segment (LAN) while you are using one of the Blessed NICs
signature.asc
Description: Digital signature
_______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
