Hi all, Looking at the Qubes AEM web page, I'm trying to work my head around the statement on "If you cleaned your Intel Management Engine with e.g. me_cleaner while installing CoreBoot then you are out of luck.". I get that TXT is required for AEM, but the consequence to using AEM seems to be accepting Intel ME into my life.
>From everything I've read, ME seems like true evil. Having an unauditable, >closed source, back door that owns my computer, even when shut down, seems way >more scary and unmanageable than the physical security issues that AEM >addresses. On the surface, assuming me_cleaner successfully disables ME, it >seems like the ME requirement for AEM opens up more "harmful" issues than it >solves. I'm not an expert in security or x86 architecture, and just coming >up to speed on a lot of this stuff. But after looking into this AEM and >me_cleaner stuff, I feel like I'm missing something. If I indeed have to >choose between AEM or cleaning ME, then I'm looking for more info to help make >the choice. Is the ME for AEM trade desirable because, from a practical standpoint, we know Evil Maids exist, whereas ME exploits are currently thought to be non-existent? Is me_cleaner (or any other BIOS cleaner) considered a speculative solution to the ME problem? Does cleaning the BIOS open the system up to additional security issues (e.g. does removing TXT make the processor less secure)? Are there alternatives to me_cleaner that disable the ME engine but preserve TXT so AEM works? Thanks, Mike -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ju4npUkllMl6228r-YLjIPOgvu8Q8WGgBMpc8IhTBtCf8ANA9XFsovBJD0PL256Qmopq5gPULEiXomt8dQKBIiibuNOoi4JdMa-NvT2SJm8%3D%40karatronics.com.
