Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-11 Thread Zoran Stojsavljevic
> The text on those pages does say that the BIOS is "not yet freed" and that it depends on the FSP, and the comparison tables > do specifically say that the BIOS is not yet free (it says "almost" because Todd thought it was almost done, but due to the > issues with coreboot contributors I

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-11 Thread Youness Alaoui
Thanks Peter, well said! I enjoyed that little graphic too :) @Taiidan, I hadn't thought of PAVP, but the idea is to remove/neutralize the ME entirely, not to intercept its messages. If we take control of the ME, we'll probably just call 'halt' to make sure that core is disabled. I don't see how

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-10 Thread Zoran Stojsavljevic
Let me demystify this bug. It is so trivial, at the end of the day, I will ask some questions here, openly on the list!? It is, after all, most of 13K Front Line Managers in INTEL with reputations at stake for this bug, with really questionable (minimum required) qualities, as well as technical,

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-09 Thread Rene Shuster
In case you missed it: https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability On Fri, May 5, 2017 at 8:10 AM, Peter Stuge wrote: > First, thanks to everyone who is working hard to maintain a good tone > on the list. I certainly appreciate that. > > While the ME

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-05 Thread Peter Stuge
First, thanks to everyone who is working hard to maintain a good tone on the list. I certainly appreciate that. While the ME and that it may have issues ;) is not so big news for many in this community, this is an important news story for IT in general, as it furthers the goal of platform and

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-04 Thread Zoran Stojsavljevic
> Serious stuff, sure. But it has been done before (without anyone being > paid for it, FWIW). And compared to the ME firmware we know what it > has to do _and_ don't have to hack into anything to get our code running. I would not say so. I know about the history, and I know a bit about IVB and

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-03 Thread Nico Huber
On 03.05.2017 09:28, Zoran Stojsavljevic wrote: >> The reason we want to prioritize the ME vs. the FSP, is because a lot > more people were interested in getting rid of the ME, >> so it is a higher priority, *but the FSP is also going to be reversed > eventually and coreboot deblobbed entirely*. >

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-03 Thread Nico Huber
On 03.05.2017 01:39, Youness Alaoui wrote: > to answer Nico's other post: > I'm quite surprised and disappointed by your answer. You have every right > to say that you are disappointed or distrusting Purism due to past actions, > but I find it harsh for you to be repeatedly saying "fraud" and

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-03 Thread Zoran Stojsavljevic
> The reason we want to prioritize the ME vs. the FSP, is because a lot more people were interested in getting rid of the ME, > so it is a higher priority, *but the FSP is also going to be reversed eventually and coreboot deblobbed entirely*. This is a very serious claim, Youness. In FSP you do

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-02 Thread Youness Alaoui
Looks like I failed at answering Taiidan without generating a flame war. Sorry if anyone got offended, that wasn't my aim. To answer the various questions that were thrown, here's what I think : Taiidan, you ask why Purism doesn't just create laptops using FX2 or ARM or whatever... Well, because

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-02 Thread ron minnich
On Tue, May 2, 2017 at 2:08 PM Zoran Stojsavljevic < zoran.stojsavlje...@gmail.com> wrote: > OK. I will rephrase my statement. :-) > > Ron, you can believe in Snow White, in Santa Claus, in INTEL to be > good/reasonable and to engage with Google, or Purism in ME Open Source > effort. > > Good

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-02 Thread Zoran Stojsavljevic
OK. I will rephrase my statement. :-) Ron, you can believe in Snow White, in Santa Claus, in INTEL to be good/reasonable and to engage with Google, or Purism in ME Open Source effort. Good Luck with that, you'll certainly need it! I'll rather believe in Igor Skochinsky, Dmitry Sklyarov and

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-02 Thread ron minnich
On Tue, May 2, 2017 at 11:38 AM Zoran Stojsavljevic < zoran.stojsavlje...@gmail.com> wrote: > > But I also saw Todd working very hard to try *to engage Intel*, over a > period of years. > > Whoever might be believing in this statement: Good luck to you all. You'll > need it, really! :-( > >> >>

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-02 Thread Zoran Stojsavljevic
> But I also saw Todd working very hard to try *to engage Intel*, over a period of years. Whoever might be believing in this statement: Good luck to you all. You'll need it, really! :-( Zoran On Tue, May 2, 2017 at 7:56 PM, ron minnich wrote: > > > On Tue, May 2, 2017 at

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-02 Thread ron minnich
On Tue, May 2, 2017 at 10:39 AM Nico Huber wrote: > > Sorry Ron, I didn't write it to offend you. > No problem. It hurt a bit because I respect you so much :-) I find that people's take on Purism varies depending on whether they have personally interacted with Todd or not. Up

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-02 Thread Nico Huber
On 02.05.2017 16:20, ron minnich wrote: > On Tue, May 2, 2017 at 3:54 AM Nico Huber wrote: > >> >> >> You sound much like their advertisement. >> >> > > OK, I'm done here. Have a nice project everyone. When people start making > statements like this and accusing the

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-02 Thread ron minnich
On Tue, May 2, 2017 at 3:54 AM Nico Huber wrote: > > > You sound much like their advertisement. > > OK, I'm done here. Have a nice project everyone. When people start making statements like this and accusing the project of being corrupt, it's time to stop reading a list.

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-02 Thread Zoran Stojsavljevic
I would not be so critique oriented to Youness Alaoui, but much more appreciative. Do not know too much about Purism as a company, but if Purism made some fraud/false promises to its customers, it is another story, which does NOT have anything to do with Youness and his published work here. Every

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-02 Thread Nico Huber
On 02.05.2017 04:52, Youness Alaoui wrote: > Ron couldn't be more right when he says that you can't appreciate how much > work it is to go from a "it works" to a "it's tested/verified and made into > a *product* for actual users". It took me 6 months of work to finish the 4 > days of work that

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-02 Thread Nico Huber
On 02.05.2017 00:44, ron minnich wrote: > On Mon, May 1, 2017 at 1:17 PM Rene Shuster > wrote: > >> Yes Puri.sm has been debunked. >> > > I disagree. I've seen the systems. From what I can see, Puri.sm has made a > good faith effort to go as far as possible *with modern

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-02 Thread Sam Kuper
On 02/05/2017, Youness Alaoui wrote: > For actual ME-related work that wasn't done by someone else, I will point > you to this file : > https://github.com/kakaroto/purism-playground/blob/master/me_re/romp.c > That is a full C re-implementation of the ROMP module

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-02 Thread taii...@gmx.com
On 05/01/2017 10:52 PM, Youness Alaoui wrote: On Mon, May 1, 2017 at 7:22 PM, taii...@gmx.com wrote: On 05/01/2017 06:44 PM, ron minnich wrote: On Mon, May 1, 2017 at 1:17 PM Rene Shuster wrote: Yes Puri.sm has been debunked. I disagree. I've

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread Youness Alaoui
On Mon, May 1, 2017 at 7:22 PM, taii...@gmx.com wrote: > On 05/01/2017 06:44 PM, ron minnich wrote: > > On Mon, May 1, 2017 at 1:17 PM Rene Shuster >> wrote: >> >> Yes Puri.sm has been debunked. >>> >>> I disagree. I've seen the systems. From what I

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread ron minnich
On Mon, May 1, 2017 at 4:22 PM taii...@gmx.com wrote: > > > Name one thing that they have done themselves? > > Until you've done a port of a new board and taken it all the way through manufacturing test and verification, interfacing with folks at the vendor, and dealing with all

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread taii...@gmx.com
On 05/01/2017 06:44 PM, ron minnich wrote: On Mon, May 1, 2017 at 1:17 PM Rene Shuster wrote: Yes Puri.sm has been debunked. I disagree. I've seen the systems. From what I can see, Puri.sm has made a good faith effort to go as far as possible *with modern x86

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread Trammell Hudson
On Mon, May 01, 2017 at 10:44:45PM +, ron minnich wrote: > On Mon, May 1, 2017 at 1:17 PM Rene Shuster > > Yes Puri.sm has been debunked. > > I disagree. I've seen the systems. From what I can see, Puri.sm has made a > good faith effort to go as far as possible *with

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread ron minnich
On Mon, May 1, 2017 at 1:17 PM Rene Shuster wrote: > Yes Puri.sm has been debunked. > I disagree. I've seen the systems. From what I can see, Puri.sm has made a good faith effort to go as far as possible *with modern x86 chipsets* toward getting rid of the blobs. They

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread ron minnich
On Mon, May 1, 2017 at 2:54 PM Raphael Jacquot wrote: > > > what kind of performance can be expected from RiscV ? > > Performance is not the issue. The issue is when it will be ready, and in a laptop you like, and the answer is "not for a while". Further, while the RISCV

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread Raphael Jacquot
On 05/01/2017 11:44 PM, taii...@gmx.com wrote: Once my opteron systems are no good anymore my next computer purchases will be POWER and ARM for sure, I refuse to buy insecure intel/new amd garbage. POWER is reasonably priced for what you get, it simply isn't meant for the entry level server

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread taii...@gmx.com
Once my opteron systems are no good anymore my next computer purchases will be POWER and ARM for sure, I refuse to buy insecure intel/new amd garbage. POWER is reasonably priced for what you get, it simply isn't meant for the entry level server market for 10K you're getting comparable power

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread ron minnich
On Mon, May 1, 2017 at 1:43 PM Timothy Pearson < tpear...@raptorengineering.com> wrote: > > > As an unofficial poll, if POWER server hardware were ever to come down > in price to more reasonable levels, would you consider switching given > the vulnerabilities in Intel hardware? > In many places

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread Timothy Pearson
On 05/01/2017 03:32 PM, Trammell Hudson wrote: > On Mon, May 01, 2017 at 05:13:10PM +0100, Sam Kuper wrote: >> Has anyone here got a link describing or including the fix, either >> directly from Intel, or from an OEM? > > Intel just posted one: > >

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread Trammell Hudson
On Mon, May 01, 2017 at 05:13:10PM +0100, Sam Kuper wrote: > Has anyone here got a link describing or including the fix, either > directly from Intel, or from an OEM? Intel just posted one: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075=en-fr -- Trammell -- coreboot

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread Timothy Pearson
On 05/01/2017 03:15 PM, Rene Shuster wrote: > Yes Puri.sm has been debunked. Can someone confirm that if you want > recent hardware without Intel ME then Chromebooks with MrChromebox.tech > SeaBIOS ( https://mrchromebox.tech/#devices ) is the way to

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread Rene Shuster
Yes Puri.sm has been debunked. Can someone confirm that if you want recent hardware without Intel ME then Chromebooks with MrChromebox.tech SeaBIOS ( https://mrchromebox.tech/#devices ) is the way to go? On Mon, May 1, 2017 at 3:34 PM, BogDan Vatra wrote: > Ah, I thought it's

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread BogDan Vatra
Ah, I thought it's something inside the CPUs :) It sounds so familiar ... On May 1, 2017 21:38, "mdn" wrote: > > > On 01/05/2017 19:59, BogDan Vatra wrote: > > Hi Ron, > > > > If anyone can *prove* that it is/was possible to remotely access *any* > > Intel (from

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread mdn
On 01/05/2017 19:59, BogDan Vatra wrote: > Hi Ron, > > If anyone can *prove* that it is/was possible to remotely access *any* > Intel (from 2008+) based computer, it's the beginning of the end of > Intel. > > BogDan. > > P.S. I know what Intel ME and AMD PSP are*, but I have no idea what >

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread BogDan Vatra
Hi Ron, If anyone can *prove* that it is/was possible to remotely access *any* Intel (from 2008+) based computer, it's the beginning of the end of Intel. BogDan. P.S. I know what Intel ME and AMD PSP are*, but I have no idea what WEP is. So, sorry for my stupid question, but what is WEP? *

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread ron minnich
On Mon, May 1, 2017 at 10:30 AM BogDan Vatra wrote: > Maybe this is a new fools' day joke? May fools' day joke? > This looks way too bad to be true ... > > Not too bad to be true, not surprising to many of us who have been warning of this since, say, 2004. It's just that nobody

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread taii...@gmx.com
I don't like that article because they shill for purism at the end. Nothing that purism does is special they're just an overpriced quanta laptop that they ran someone else's tools on - they'll never figure out how to really disable ME because it can't be done. I can't understand why they

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread BogDan Vatra
Maybe this is a new fools' day joke? May fools' day joke? This looks way too bad to be true ... BogDan. P.S. I didn't find any Intel patches from April 25th... 2017-05-01 18:38 GMT+03:00 Shawn : >

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread Timothy Pearson
On 05/01/2017 11:16 AM, persmule wrote: > > We could just remove or cleanse > the ME to seal this loophole. This particular hole, perhaps. Do we know that "cleansing" the ME doesn't simply introduce a bigger

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread ron minnich
The ME is the WEP of motherboards. On Mon, May 1, 2017 at 9:18 AM persmule wrote: > We could just remove or cleanse the > ME to seal this loophole. > > > On 2017-05-02 00:13, Sam Kuper wrote: > > On 01/05/2017, Shawn

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread persmule
We could just remove or cleanse the ME to seal this loophole. On 2017-05-02 00:13, Sam Kuper wrote: > On 01/05/2017, Shawn wrote: >> https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/ > The piece states, "on

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread Sam Kuper
On 01/05/2017, Shawn wrote: > https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/ The piece states, "on April 25, Intel released a firmware fix for this unnamed issue. It affects every Intel machine from Nehalem in 2008 to Kaby Lake in 2017." Has

Re: [coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread ron minnich
how can this be? Intel has promised me for 15 years now that this would never be an issue! There just has to be some mistake. Oh, right, now I remember. The ME is the mistake. ron On Mon, May 1, 2017 at 8:39 AM Shawn wrote: > >

[coreboot] Remote security exploit in all 2008+ Intel platforms

2017-05-01 Thread Shawn
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/