[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Libreboot] Blocking Intel ME ?
|
From: |
Daniel Tarrero |
|
Subject: |
Re: [Libreboot] Blocking Intel ME ? |
|
Date: |
Tue, 02 Feb 2016 13:13:13 +0100 |
El mar, 02-02-2016 a las 16:46 +0530, Jay Aurabind escribió:
> On 30 January 2016 at 21:09, tech-info <address@hidden> wrote:
> > Hi There,
> >
> >> In the mean time, logging traffic to spot odd packets is a great idea.
> >> People
> >> should document and publish malicious traffic from their networks.
> >
> > To be 100 % sure, this has to include a professional pentester who
> > checks the traffic. Because methods to hide "malicious traffic" inside
> > the "allowed traffic" do exist.
> >
> > Gerd
> >
> >
>
> I read that Intel ME will not load firmware unless its signed by Intel
> and that if signature verification fails, the ME core shuts down. In
> that case, why dont we just make a fake firmware and force it to load
> the fake one ? This way the ME core will remain shut down everytime it
> boots, isnt it ?
>
>
... also there are Intel's methods and software to check status and/or
disable it:
https://software.intel.com/es-es/forums/intel-business-client-software-development/topic/563988
the thing is, do you trust intel? do you trust all people who works in
intel? were there big software faults and hidden specification in the
past that let security holes in your machine?
If yes, then the bios changes, the intel's software resoults, and also
the actions taken by iME when faulty firmware is loaded will all be good
and known
If no, we have to go deeper into other ways to disable it, more far than
Intel's given instructions and specifications
:)