On Sun, Oct 03, 2021 at 05:43:38PM +0700, Hendra wrote:
> in my understanding,
>
> in their office, they know the password of their internet connection,
> therefore they can setup the password in the AMT,
> so they can access the devices remotely,
>
> but after the products being distributed all over the world,
> then each are connected to different wifi router with different passwords,
> therefore they need to set up another wifi password to the AMT,
> in order for the AMT to be connected with the internet,
> so that they can access it remotely,
>
> but then how do they know the password ?
> also how do they access it remotely to re-setup the password ?

A while since I last looked into this, but IIRC:

- Important to distinguish between ME OS (a Minix derivative) and "main" OS (typically Windows, macOS, GNU/Linux, ...)
- ME can, while main OS is running, view some/all CPU registers, RAM, and (in the case of *compatible* NICs), some NIC registers.
- ME can therefore (in principle, at least) record network credentials to persistent storage.

That raises questions including the following:

- Does ME in fact extract network credentials from the main OS when latter is running? (IIRC, Snowden indicated the answer is yes - at least in some cases.)
  - If so, which part(s) of which versions of the ME are responsible? (A binary search like the one Trammell Hudson - I think - used to work out how to neutralise the ME might reveal this.)
  - Which other variables affect whether the answer is "yes"?
- Does ME in fact store credentials persistently, to give itself network access even if main OS is not running? (IIRC, Snowden indicated the answer is yes - at least in some cases.)
  - If so, then where do which versions of the ME store those credentials? (Do they use persistent storage on the NICs? BIOS/UEFI? HDD/SSD? Or somewhere sneakier like in the HDD/SSD controllers? Maybe some combination or fallback of all these?)
  - Which other variables affect whether the answer is "yes"?

Someone (a PhD student, maybe?) should make these questions the subject of a research project. Perhaps it has already been done. As I say, I'm a bit out of the loop just now.

_______________________________________________
coreboot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

