On 24 November 2017 18:19:23 EET, Giovanni Biscuolo <g...@xelera.eu> wrote:
>[...]
>
>2. between the "user facing OS" and the hardware there are at least 2 ½
>OS kernels (MINIX and UEFI)
>3. these are proprietary and very likely exploit-friendly
Update: Have been exploited...
(And you wouldn't even realize it!)
https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
>4. the exploits can persist, i.e. be written to FLASH, and you can't
>fix that
> [...]
In short:
We are essentially being forced, without even being told, to run buggy
proprietary code in a very powerful and very capable hyper-hyper-visor of our
OS, which can (benign or maliciously) control both the (free) software we run
and the hardware we "own", without our knowledge.
(See also in-line comment below..)
Greetings,
Jann
PGP 0xE7A47A578A30148A
_______________________________________________
Discussion mailing list
Discussion@lists.fsfe.org
https://lists.fsfe.org/mailman/listinfo/discussion
