The Intel Management Engine (ME), a separate processor and operating system running outside of user control on most x86 systems, has long been a concern for security- and privacy-conscious users. Google and others have been working on ways to eliminate as much of that functionality as possible (while still being able to boot and run the system). Ronald Minnich from Google came to Prague to talk about those efforts at the 2017 Embedded Linux Conference Europe.
Since this is a thing: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-000…
And then this: https://www.gigabyte.com/Press/News/1582
Do you know if Google’s ME distro depends on the very same local privilege escalation vulnerability that Intel disclosed and is fixing?
I’d really love for an open source ME to become viable, but having a project be dependent on code faults really sucks.
It’s like jailbreaking an iPhone; there’s lots of innovative potential for owners, but dev teams are constantly forced to combat Apple efforts to lock owners out of their own devices. It shouldn’t be this way.
Is this the same talk and slide reported in “Replacing exploit-ridden firmware with a Linux kernel” (http://www.osnews.com/story/30062/Replacing_exploit-ridden_firmware…)?
– talk: https://www.youtube.com/watch?v=iffTJ1vPCSo
– slide: https://schd.ws/hosted_files/osseu17/84/Replace%20UEFI%20wit…
Main Board manufacturers have been working overtime on this on all supported products.
The paranoid in me tells me to question the decision from Intel of not being able to turn it off, in order for users to be forced to buy newer, supported hardware, and even then, it’s largely undocumented, so you’re as secure as publicly possible, since anyone that has stolen the specifications for the system or paid anyone on the team to get a hold of them can do a lot of damage even on a fully patched system.
Of the House, approach. Filling and Plaster allegory. Obviously as deep as They can get. Problem belongs to Intel and stronger answer should come from Them.
In fact, don’t feel this effort as collaborative in spirit.
Babel grows and grows…
Edited 2017-11-27 15:13 UTC