Linked by Thom Holwerda on Wed 22nd Nov 2017 22:58 UTC
Hardware, Embedded Systems

The Intel Management Engine (ME), which is a separate processor and operating system running outside of user control on most x86 systems, has long been of concern to users who are security and privacy conscious. Google and others have been working on ways to eliminate as much of that functionality as possible (while still being able to boot and run the system). Ronald Minnich from Google came to Prague to talk about those efforts at the 2017 Embedded Linux Conference Europe.

Comment by Licaon_Kter
by Licaon_Kter on Wed 22nd Nov 2017 23:38 UTC
Licaon_Kter
Member since:
2010-03-19
RE: Comment by Licaon_Kter
by Alfman on Thu 23rd Nov 2017 01:06 UTC in reply to "Comment by Licaon_Kter"
Alfman Member since:
2011-01-28

Do you know if Google's ME distro depends on the very same local privilege escalation vulnerability that Intel disclosed and is fixing?

I'd really love for an open source ME to become viable, but having a project be dependent on code faults really sucks.

It's like jailbreaking an iPhone; there's lots of innovative potential for owners, but dev teams are constantly forced to combat Apple efforts to lock owners out of their own devices. It shouldn't be this way.

Reply Score: 4

Same talk and slide?
by dungsaga on Thu 23rd Nov 2017 09:29 UTC
dungsaga
Member since:
2005-07-12

Is this the same talk and slide reported in "Replacing exploit-ridden firmware with a Linux kernel" (http://www.osnews.com/story/30062/Replacing_exploit-ridden_firmware...)?

- talk: https://www.youtube.com/watch?v=iffTJ1vPCSo
- slide: https://schd.ws/hosted_files/osseu17/84/Replace%20UEFI%20wit...

Reply Score: 2

Phew
by Poseidon on Sat 25th Nov 2017 23:24 UTC
Poseidon
Member since:
2009-10-31

Main Board manufacturers have been working overtime on this on all supported products.

The paranoid in me tells me to question the decision from Intel of not being able to turn it off, in order for users to be forced to buy newer, supported hardware, and even then, it's largely undocumented, so you're as secure as publicly possible, since anyone that has stolen the specifications for the system or paid anyone on the team to get a hold of them can do a lot of damage even on a fully patched system.

Reply Score: 2

Linux And Rust...
by dionicio on Mon 27th Nov 2017 15:07 UTC
dionicio
Member since:
2006-07-12

Of the House, approach. Filling and Plaster allegory. Obviously as deep as They can get. Problem belongs to Intel and stronger answer should come from Them.

In fact, don't feel this effort as collaborative in spirit.

Babel grows and grows...

Edited 2017-11-27 15:13 UTC

Reply Score: 2