On 08/29/2017 11:02 PM, Sandy Harris wrote: > As I probably should have known, Qubes developers are already well > aware of this. See for example: > https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf Exactly.
To give a little more context: * Intel ME is a totally independent, totally opaque (officially at least) stand-alone computer system attached to any recent x86/x86_64 chipset (reminds me of the Cordyceps "zombie fungi" family) * It is able to reach various devices deemed "dangerous" in a computer system (network adapters, ram, input devices) in a way that is both unnoticeable and uncontrolled by the host system * The software it runs can only be updated as a blob by customers, but is signed and encrypted by Intel, so no insight nor customization is available beyond some simple "variable-setting" tool * While it may be useful for remote/centralized provisioning/maintenance of large corporate networks (citation needed, perhaps), it has quickly grown very large and complex (hence, linearly buggier) * The latest versions of ME are absolutely necessary for Intel-based chipsets to perform basic boot functions (power management, initializations) * The dangers of this tool fall into two categories: intentional remote administration backdoors and unintentional exploitable bugs, both of which cannot be checked for nor ruled out without considerable effort in accessing the software (which has already been, partially, done - but yet, I don't expect anyone decapping a south bridge chip any time soon!) * The worst part is that this remote administration engine is pre-installed into and (as of the latest versions) un-removable from any recent Intel-chipset-based motherboard, even consumer-grade ones or mobile-oriented ones (low cost tablets that are extremely unlikely to be used by large corporations), prompting the question "is it really about central administration/maintenance for corporate users?" Because of this context it is usually regarded as a necessary evil, but any security-minded Intel customer will try its best to disable as much ME functionality as he/she can, hence the research that produced the paper you linked to in your first post. Please also note that any remote administration command can only be received through networking, so proper firewalling (ipv6 may complicate things - prepare your studies in advance) and monitoring may help great lengths. Also, do avoid using x86-based firewalls/routers... ;) -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c3bcfc1a-15b9-54ab-69e3-4dd98d3d4de7%40gmx.com. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
