And so far, nobody was able to crack Huffman, thus to have ability to
reverse-engineer plain kernel executable.
Not true. See
http://blog.ptsecurity.com/2017/12/huffman-tables-intel-me.html ,
https://github.com/ptresearch/unME11 and
https://github.com/IllegalArgument/Huffman11
Regards
Felix
Hello!
(Today on my regular laptop who might be so gifted with the Intel ME.)
All this nattering and grommishing around about the Intel ME device is
interesting and fun sort-of. But this does not explain what the Intel
ME is and what it does. And what about it has caused an almost
incredible displa
On Thu, 14 Dec 2017 20:25:53 -0500
Youness Alaoui wrote:
> In my opinion, the ME is indeed disabled because the entire ME
> functionality is disabled, no ME processes are running, and the kernel
> on its own is irrelevant, even if it keeps running.
> However, I do not have anymore a strong counte
> pretty sure the I is for Intel ;-)
Sure. AMD has AME, as I recall. VIA has VME, Cyrix had CME, etc. ;-)
It is ME, simple and plain. I(ntel)ME is a pleonasm (please, look on the
Webster Dictionary what the pleonasm is?!).
Zoran
On Fri, Dec 15, 2017 at 6:18 PM, Matt DeVillier
wrote:
> On Fri,
On Fri, Dec 15, 2017 at 10:23 AM, Zoran Stojsavljevic <
zoran.stojsavlje...@gmail.com> wrote:
> IME (I is typo) = ME .
>
pretty sure the I is for Intel ;-)
(or, at least that's how I've seen it referenced elsewhere)
>
> Zoran
>
--
coreboot mailing list: coreboot@coreboot.org
https://mail.cor
IME (I is typo) = ME .
Zoran
On Fri, Dec 15, 2017 at 5:14 PM, Gregg Levine
wrote:
> Hello!
> (I'm working from the office today on a library computer...)
> My regular laptop might be wearing one of those dratted things. But
> before we start confusing people further, perhaps one of the group
>
Hello!
(I'm working from the office today on a library computer...)
My regular laptop might be wearing one of those dratted things. But
before we start confusing people further, perhaps one of the group
needs to reiterate exactly what that contraption is, and why it was
necessary. Oh and what the c
Thanks.
They didn't seriously include a Java Runtime Environment into the IME??
I can't believe what's going on with this company.
Am Freitag, den 08.12.2017, 16:16 +0100 schrieb Thomas Heijligen:
> For those who are interested in the Intel ME, the slides and white
> papers
> from the Black Hat
In my opinion, the ME is indeed disabled because the entire ME
functionality is disabled, no ME processes are running, and the kernel
on its own is irrelevant, even if it keeps running.
However, I do not have anymore a strong counter opinion to your
statement that you don't consider the ME to be di
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thank you for the detailed response; I figured there had to be some
basic miscommunication somewhere. :-) So I assume we now agree that the
ME on Skylake + is not disabled, merely limited?
On 12/14/2017 01:20 AM, Youness Alaoui wrote:
> Hi,
>
> From
> According to Positive Technologies, on Skylake and higher (like the
> Purism machines) the kernel loads the BUP, and the HAP bit only disables
> the normal userspace processes
This is very good observation. Let us look again into the unknown code,
compressed by Huffman (unknown tables):
[image:
Thanks for elaborating and shedding light on this for some of us
non-experts who are just lurking around.
On Thu, Dec 14, 2017 at 2:20 AM, Youness Alaoui <
kakar...@kakaroto.homelinux.net> wrote:
> Hi,
>
> From the PT article you linked to, after the stage 5 of BUP execution :
> "It is at this st
Hi,
From the PT article you linked to, after the stage 5 of BUP execution :
"It is at this stage that we find HAP processing; in this mode, BUP
hangs instead of executing InitScript. This means that the remaining
sequence of actions in normal mode has nothing to do with HAP and will
not be consid
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
According to Positive Technologies, on Skylake and higher (like the
Purism machines) the kernel loads the BUP, and the HAP bit only disables
the normal userspace processes [1].
What proof do you have that the kernel itself is halted?
[1] http://blog.
> I guess I still disagree with the use of the word "disabled". If the ME
> wasn't required for boot, and was actually disabled within a few cycles
> of its CPU starting, the remaining attack surface simply wouldn't exist.
> This is not what happens though, and AFAIK even the ME kernel continues
On 12/12/2017 12:11 PM, Denis 'GNUtoo' Carikli wrote:
As I understand, this by itself isn't sufficient yet to boot a post-GM45
Intel with free software, however it gives a lot of insight on how
things work and enables all researchers to understand better the
Management Engine and recent Intel sy
On Fri, 8 Dec 2017 21:34:57 +0100 (CET)
eche...@free.fr wrote:
> For those who are interested in the Intel ME, the slides and white
> papers
> from the Black Hat Europe are public.
>
> https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsig
For those who are interested in the Intel ME, the slides and white
papers
from the Black Hat Europe are public.
https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdf
https://www.blackhat.com/docs/eu-
> Neither the ME or the PSP can ever be removed from their respective
systems.
I already wrote extensively about this in the previous thread (I 1000%
agree with you, Tim). But these people revealed
the almost whole architecture how ME boots the modern INTEL platform, and,
frankly, I never expected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/08/2017 08:40 AM, Alberto Bursi wrote:
>
>
> On 12/08/2017 02:59 PM, Timothy Pearson wrote:
>>
>> That's just the HAP bit. The ME is limited but NOT disabled, and the
>> remaining stubs are still hackable [1].
>>
>> Neither the ME or the PSP c
On 12/08/2017 02:59 PM, Timothy Pearson wrote:
>
> That's just the HAP bit. The ME is limited but NOT disabled, and the
> remaining stubs are still hackable [1].
>
> Neither the ME or the PSP can ever be removed from their respective
> systems. They can both be limited to some extent, but to ca
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
That's just the HAP bit. The ME is limited but NOT disabled, and the
remaining stubs are still hackable [1].
Neither the ME or the PSP can ever be removed from their respective
systems. They can both be limited to some extent, but to call either of
On Wed, 30 Aug 2017 18:09:51 -0400
"taii...@gmx.com" wrote:
> On 08/30/2017 03:28 PM, Timothy Pearson wrote:
>
> >> POWER9 workstations are already coming on the market:
> >>
> >> https://raptorcs.com/TALOSII/
> >>
> >> Note that IBM selling similar machines directly would likely be
> >> more ex
On 08/30/2017 03:28 PM, Timothy Pearson wrote:
POWER9 workstations are already coming on the market:
https://raptorcs.com/TALOSII/
Note that IBM selling similar machines directly would likely be more
expensive, not less, based on POWER8 price comparisons between IBM and
other vendors. People
Try this backup copy from the Internet Archive:
https://web.archive.org/web/20121211162830/fm.csl.sri.com/LAW/2009/dobry-law09-HAP-Challenges.pdf
2017-08-30 1:00 GMT-03:00 taii...@gmx.com :
> I can't download the .pdf file for some reason (maybe the tla's got to it?)
> http://fm.csl.sri.com/LAW/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/29/2017 11:00 PM, taii...@gmx.com wrote:
> I can't download the .pdf file for some reason (maybe the tla's got to it?)
> http://fm.csl.sri.com/LAW/2009/dobry-law09-HAP-Challenges.pdf
> can someone send it to me?
> Thanks
>
>
> Thoughts:
> Sad t
On 08/30/2017 07:06 AM, taii...@gmx.com wrote:
> Yes it is called AMD-PSP and present in the newer stuff such as AM4 and
> FM2+, although they did entertain the idea of providing a method to
> disable it in a reddit thread which a PR guy claims the CEO paid
> attention to so I suppose a corporat
On 08/30/2017 12:58 AM, Philipp Stanner wrote:
Am 29.08.2017 um 20:15 schrieb Timothy Pearson:
On 08/29/2017 06:10 AM, Rene Shuster wrote:
Wow.
My favorite part is where the NSA itself basically admits that the ME
can't be trusted! I wonder if they are looking at other architectures
or if th
Am 29.08.2017 um 20:15 schrieb Timothy Pearson:
> On 08/29/2017 06:10 AM, Rene Shuster wrote:
> > Wow.
>
> My favorite part is where the NSA itself basically admits that the ME
> can't be trusted! I wonder if they are looking at other architectures
> or if this HAP bit was enough for their needs?
I can't download the .pdf file for some reason (maybe the tla's got to it?)
http://fm.csl.sri.com/LAW/2009/dobry-law09-HAP-Challenges.pdf
can someone send it to me?
Thanks
Thoughts:
Sad this is still not an actual method of disablement, but it doesn't
really matter as anyone who buys *new* x86
OK, thanks for the clarification.
On Tue, Aug 29, 2017 at 4:13 PM, Timothy Pearson <
tpear...@raptorengineering.com> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 08/29/2017 02:57 PM, Leah Rowe wrote:
> >
> >
> > On 29/08/17 19:15, Timothy Pearson wrote:
> >> On 08/29/2017 06:10
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/29/2017 02:57 PM, Leah Rowe wrote:
>
>
> On 29/08/17 19:15, Timothy Pearson wrote:
>> On 08/29/2017 06:10 AM, Rene Shuster wrote:
>>> Wow.
>
>> My favorite part is where the NSA itself basically admits that the
>> ME can't be trusted! I wonde
http://fm.csl.sri.com/LAW/2009/dobry-law09-HAP-Challenges.pdf (linked in
PTSecurity's blogpost) might have the answer to your question, but it's not
accessible for me.
On Tue, Aug 29, 2017 at 3:57 PM, Leah Rowe wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
>
>
> On 29/08/17 19:15,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 29/08/17 19:15, Timothy Pearson wrote:
> On 08/29/2017 06:10 AM, Rene Shuster wrote:
>> Wow.
>
> My favorite part is where the NSA itself basically admits that the
> ME can't be trusted! I wonder if they are looking at other
> architectures or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/29/2017 06:10 AM, Rene Shuster wrote:
> Wow.
My favorite part is where the NSA itself basically admits that the ME
can't be trusted! I wonder if they are looking at other architectures
or if this HAP bit was enough for their needs?
- --
Timot
Wow.
On Mon, Aug 28, 2017 at 12:08 PM, Matthias Gliwka wrote:
> Some new development on disabling Intel ME 11:
> http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
>
> Kind regards,
> Matthias Gliwka
>
> --
> coreboot mailing list: coreboot@coreboot.org
> https://mail.coreboot.org/mailm
36 matches