[qubes-users] Re: Anyone disabled the Intel ME yet?

2017-10-22 Thread Theo
On Monday, 18 September 2017 13:33:31 UTC-7, alexc...@gmail.com  wrote:
> Has anyone here successfully disabled the Intel ME yet?


Purism says they are diabling it by default on all laptops they are sending out 
now.

Ref:
https://puri.sm/posts/deep-dive-into-intel-me-disablement/

Now if only the hardware was just slightly more powerfull and future oriented.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9e0e4519-012d-4b92-8ebd-e70f95377f6b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Anyone disabled the Intel ME yet?

2017-09-25 Thread pixel fairy
i would find a list of annoyances with qubes 4 on a librem 15 helpful. im 
thinking of getting one.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/99e8ad7f-c101-437f-89e9-1298c8054eb1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Anyone disabled the Intel ME yet?

2017-09-25 Thread Sean Hunter



> On 25 Sep 2017, at 07:45, rysiek  wrote:
> 
> These are not really good options for laptops. :(

I am running Qubes 4.0 rc 1 on a librem purism 15v3. I believe (may be wrong) 
that it comes with ME disabled. Seems a great laptop so far with a couple of 
small annoyances which I’m happy to post to the list separately if people would 
find that helpful. 

Sean

Sent from my phone. Sorry if brief. 


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/136A1245-F072-44E5-87FD-E67F8AEC5986%40uncarved.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Anyone disabled the Intel ME yet?

2017-09-25 Thread Alex
On 09/25/2017 08:45 AM, rysiek wrote:
> Dnia Sunday, September 24, 2017 9:23:06 PM EEST filtration pisze:
>> My motherboard has a "Disable ME" jumper. Not good enough for many
>> of you, I know.
>> 
>> As far as AMT, apparently the entry is through Intel NICs. I hoped
>> to mitigate it by using a third party NIC. The Intel device stayed
>> lit (amber, not green) on power off, my new one is completely off
>> when powered off.
> 
> These are not really good options for laptops. :(
> 
They may even be worse - I used to have a tablet with a "Intel ME
Disable" option in the bios, and tried to flip that setting.

The tablet would not start anymore, and had to buy a clip to reflash the
bios eeprom to be able to recover it.

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4009ccf0-6eec-fa32-c42b-7809a2ccfc75%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature


Re: [qubes-users] Re: Anyone disabled the Intel ME yet?

2017-09-25 Thread rysiek
Dnia Sunday, September 24, 2017 9:23:06 PM EEST filtration pisze:
> My motherboard has a "Disable ME" jumper. Not good enough for many of
> you, I know.
> 
> As far as AMT, apparently the entry is through Intel NICs. I hoped to
> mitigate it by using a third party NIC. The Intel device stayed lit
> (amber, not green) on power off, my new one is completely off when
> powered off.

These are not really good options for laptops. :(

-- 
Pozdrawiam,
Michał "rysiek" Woźniak

Zmieniam klucz GPG :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2185343.oOzdqdhnf9%40lapuntu.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: This is a digitally signed message part.


[qubes-users] Re: Anyone disabled the Intel ME yet?

2017-09-24 Thread filtration
cooloutac:
> On Sunday, September 24, 2017 at 8:24:44 PM UTC-4, cooloutac wrote:
>> On Thursday, September 21, 2017 at 12:08:41 PM UTC-4, Hugo Costa wrote:
>>> On Thursday, 21 September 2017 07:23:01 UTC+1, Alex  wrote:
 Replying to this thread to report that somebody DID ACTUALLY find an
 exploitable vulnerability in the latest IME 11+, and they will be
 sharing nothing less that this UNSIGNED CODE EXECUTION vuln at blackhat
 europe 2017.

 Abstract here:
 https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668

 Title is pretty scary, but we'll see if it's actually that dangerous

 -- 
 Alex
>>>
>>> Was going to post the same. 2 Russian researchers that a couple weeks ago 
>>> found out a way to clean some modules on Intel ME now have found a 
>>> significative exploit that allows them to actually run code on a piece of 
>>> hardware with direct access to the network. The scary thing is - it's 
>>> impossible to detect.
>>
>> and thats prolly just what we know about lol.
> 
> I feel like cause I live in nyc that you just expect this type of stuff from 
> your friends and neighbors hahaha.  maybe not the same means but the same 
> ends.  but ya hardware level stuff is scary,  cause that means real security 
> means alot of money, so poor people are screwed.
> 

My motherboard has a "Disable ME" jumper. Not good enough for many of
you, I know.

As far as AMT, apparently the entry is through Intel NICs. I hoped to
mitigate it by using a third party NIC. The Intel device stayed lit
(amber, not green) on power off, my new one is completely off when
powered off.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c6467dfa-2bb1-e0ec-8b3a-f433d228332a%40posteo.de.
For more options, visit https://groups.google.com/d/optout.