IME (I is typo) = ME . Zoran
On Fri, Dec 15, 2017 at 5:14 PM, Gregg Levine <gregg.drw...@gmail.com> wrote: > Hello! > (I'm working from the office today on a library computer...) > My regular laptop might be wearing one of those dratted things. But > before we start confusing people further, perhaps one of the group > needs to reiterate exactly what that contraption is, and why it was > necessary. Oh and what the cleaner is supposed to do, and why machines > who were cleaned of it, may not work correctly, or even may. > > I've got an interesting idea that I do know what it does, and why, but > there must be a few people there who're confused about what the IME is > and isn't. > ----- > Gregg C Levine gregg.drw...@gmail.com > "This signature fought the Time Wars, time and again." > > > On Fri, Dec 15, 2017 at 10:00 AM, Philipp Stanner <stan...@posteo.de> > wrote: > > Thanks. > > > > They didn't seriously include a Java Runtime Environment into the IME?? > > I can't believe what's going on with this company. > > > > Am Freitag, den 08.12.2017, 16:16 +0100 schrieb Thomas Heijligen: > >> For those who are interested in the Intel ME, the slides and white > >> papers > >> from the Black Hat Europe are public. > >> > >> https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-H > >> ack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel- > >> Management-Engine.pdf > >> https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-H > >> ack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel- > >> Management-Engine-wp.pdf > >> https://www.blackhat.com/docs/eu-17/materials/eu-17-Sklyarov-Intel-ME > >> -Flash-File-System-Explained.pdf > >> https://www.blackhat.com/docs/eu-17/materials/eu-17-Sklyarov-Intel-ME > >> -Flash-File-System-Explained-wp.pdf > >> > >> In the conclusion they say "[...]. Such a vulnerability has the > >> potential to > >> jeopardize a number of technologies, including [...] Intel Boot > >> Guard > >> [...]. > >> > >> Maybe it's possible to deactivate Boot Guard permanently or inject > >> custom > >> keys to run own firmware. > >> > >> > >> On 08.12.2017 15:40, Alberto Bursi wrote: > >> > On 12/08/2017 02:59 PM, Timothy Pearson wrote: > >> > > > >> > > That's just the HAP bit. The ME is limited but NOT disabled, and > >> > > the > >> > > remaining stubs are still hackable [1]. > >> > > > >> > > Neither the ME or the PSP can ever be removed from their > >> > > respective > >> > > systems. They can both be limited to some extent, but to call > >> > > either > >> > > of > >> > > them "disabled" is rather far from the truth. > >> > > > >> > > > >> > > >> > Hacking them requires being able to write in the SPI flash, or to > >> > have > >> > buggy UEFI firmware. Which means most systems are still vulnerable. > >> > > >> > But it is also true that if someone can hack UEFI he pwns you > >> > anyway, > >> > even without ME. > >> > > >> > So imho ME with the HAP bit can be called "disabled", although the > >> > fight > >> > isn't over as ME isn't the only thing that was a threat anyway. > >> > > >> > There is still need to secure the UEFI firmware (which is needed > >> > even > >> > if > >> > ME didn't exist), and doing a hardware mod to have a hardware > >> > switch to > >> > turn the SPI chip read-only at the hardware level (also needed > >> > regardless of ME). > >> > > >> > I think many SPI chips only need some pin pulled high/low to go in > >> > read-only mode, and I frankly trust a dumb switch many orders of > >> > magnitude more than Boot Guard or anything software-based. > >> > > >> > -Alberto > >> > >> > > > > -- > > coreboot mailing list: coreboot@coreboot.org > > https://mail.coreboot.org/mailman/listinfo/coreboot > > -- > coreboot mailing list: coreboot@coreboot.org > https://mail.coreboot.org/mailman/listinfo/coreboot >
-- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot