On 11/20/18 4:43 PM, Chris Bennett wrote:
> AMD? I have read about problems with non-CPU chips being compromised.
> Another architecture? I have never used anything other than Intel/AMD.
I can't comment on SUN etc., but AMD would be the way to go if you can. Theo has said in a recent presentation something along the lines that AMD are far more considerate and apply the security checks first, whereas Intel do so at the end!!

Many modern UEFI (BIOS) implementations have very limited configuration enabled; however, the configs the OEM has access to enable are larger than ever. It would be better if the functionality that caused them were not there by default, but you may find these chip attacks can be mitigated for your scenario quite easily with the right vendor/OEM board?? Incidentally, the Intel USB debug access has been there for years, but it was a physical-motherboard-access-only scenario until recently.

I can't help with a good vendor, unfortunately. I have no fairly new, off-the-shelf commercial HW to inspect the BIOS of.