Thanks Peter and Nico for the information,
it is really helpful.

I also agree with the assumption that ME is connected to the internet
through the same network card we use.

But then, there is a familiar statement on the internet, that ME is still
running and connected to the internet,
even when the computer is off, as long as it has a battery.

Let's say we only use WiFi WLAN cards for the internet connection,
and the WiFi router requires a password for access:
how is ME still running when the computer is off, and connected to the WiFi
router without a password?




On Sat, Oct 2, 2021 at 1:58 AM Nico Huber <[email protected]> wrote:

> Hi Hendra,
>
> On 01.10.21 17:43, Hendra wrote:
> > I read in Wikipedia that Intel ME has an independent internet connection.
> > But what does "independent" mean?
>
> I don't think that's true. Maybe one could twist the word "independent"
> enough so it makes sense, but I wouldn't call it that. I would say a
> shared internet connection.
>
> It can use the same internet connection, without your OS knowing. But
> that doesn't mean you wouldn't be able to know it. If you have the
> machine at hand, and it's not protected by some BIOS password voodoo,
> you can just look into the ME settings.
>
> >
> > Is it an independent internet connection from the OS?
>
> Close. The ME firmware (another OS on another core) can use the same
> network controllers as your OS. I'm not sure about the details, but
> I assume it filters TCP ports to offer its own services. So I'd say
> it uses independent TCP ports? *shrug*
>
> A quick search for "intel amt configure ip" led me here [1]. It seems
> there was a time when one could configure individual IP addresses for
> ME and host OS's, but that ended about 10 years ago.
>
> AMT is the name of the networking software that runs on the ME btw.
> Many ME firmware packages don't have AMT at all. So officially, these
> couldn't do networking. Absence of a piece of software is hard to prove,
> though. And they could plausibly deny having put it there on purpose,
> as they could just say they mixed the packages up. That's my biggest
> concern about the ME. Intel makes it very hard to see what software
> is installed and allowed to run.
>
> AIUI, but I'm not 100% sure, computers with AMT should be tagged "vPro".
>
> >
> > or is it an independent internet connection from the network related
> > devices ?
> > such as: wwan card, wlan card, bluetooth module, wimax card
>
> No, it would use one of those.
>
> > or maybe it has its own secret/hidden independent networking device,
> > so it can connect to the internet,
> > without depending on Laptop's networking device,
> > such as: wwan card, wlan card, bluetooth module, wimax card?
>
> Very unlikely. And only if they had hidden it very well and implemented
> it in addition to the publicly documented networking stuff. If you
> suspect a silicon vendor to do that, any of them could. No ME needed.
> But it would probably look suspicious under a microscope. FWIW, nobody
> has seen something like that in Intel's chipsets. OTOH, usually when
> somebody talks about microscope pictures, it's about the CPU and not
> the PCH (where the ME resides). So I'm not sure if people actually
> look at it.
>
> [1] https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/WordDocuments/configuringtheintelamtipaddress.htm
>
> Nico
>