On 05/01/2017 12:19 PM, Reg Tiangha wrote: > On 05/01/2017 12:04 PM, cooloutac wrote: >> On Monday, May 1, 2017 at 1:26:52 PM UTC-4, Vít Šesták wrote: >>> AFAIU, if https://ark.intel.com/ shows “Intel® vPro™ Technology: no”, then >>> the particular CPU is safe. But I am not 100% confident in vPro and related >>> technologies, so I might be wrong. Can someone confirm/deny this claim? >>> >>> Regards, >>> Vít Šesták 'v6ak' >> I think its more about the management engine on the intel chipsets. They >> say every board after 2008 is affected, even if you don't have amt it can be >> exploited locally? does that mean from the host os or with physical access >> to the board? Sounds scary regardless. >> >> And so we have to hope we get a bios patch or something? Is someone going >> to keep tabs on what boards are getting patched so we can go buy them? lol. >> >> Its funny but after the recent dom0 update I told my family we have to buy >> new pc hardware and they think I'm completely nuts. And ironically, or >> maybe not, my bank card was just hacked over the weekend. I'm praying it >> was got from the only online vendor I ever used it once at a month or two >> ago, or the processing company and not my system. But it sure is a crazy >> coincidence... >> >> I wonder are boards that check for bios updates themselves even safe, Can >> someone intercept with malicious update? >> > It's up to you whether or not you trust this archive or not, but there > is an archive of various ME firmware being kept here: > > http://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html > > and a more comprehensive archive here: > > http://www.win-raid.com/t832f39-Intel-Engine-Firmware-Repositories.html > > You might be able to update your Intel ME firmware using one of the > files found there. But you'd probably want to wait until a firmware with > at least an April 2017 release date or newer is available; not all of > them have one yet (certainly not for any of the machines that I run). > >
Also, rather than doing a dump of your ME firmware and then running Intel ME Cleaner on it, I think you can download one of the full firmware images from the second link that's applicable for your machine, run Intel ME Cleaner on it, and then flash that using an external programmer. That said, I don't have the external hardware to do it, so I haven't done it myself, nor do I know if that would actually work. All Intel ME Cleaner tutorials that I've seen do it by dumping the ME firmware from the chip first. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/oe7uej%24b4a%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
