When it comes to Intel Management Engine, I actually think it’s not a threat if you neutralize it. I mean to just set the HAP bit on it. Because if that isn’t enough then that means all computers in the world which use Intel CPU can be accessed by NSA but if NSA had this much power then it seems obvious that they aren’t using it and why wouldn’t they use it?
There’s a github project to neutralize/disbale Intel ME: https://github.com/corna/me_cleaner Disable is overwriting intel ME as much as possible with zeros, leaving only a little remaining to be able to boot the computer. The newer the intel chips are, the less likely it is to be able to disable it. But all chip sets can be neutralized which means to set the HAP bit which is an official feature. In theory we can’t actually trust the HAP bit to really disable intel ME permanently. It’s more like asking Intel to do what they have promised because it’s proprietary. But I think it really does permanently disable it because otherwise NSA would be abusing this power.
That’s why I think the newer laptop models are better because it’s probably not necessary to disable, it’s enough to just neutralize withthe HAP bit. And with a newer modern laptop they can have open source Embedded Controller firmware which is better than proprietary Embedded Controller firmware.
I’m interested to hear what you think as well.
The same way you would do it with a black box while optionally taking as many shortcuts as one is comfortable with by virtue of assuming having a better understanding of it’s been built?
Get it audited by tools, e.g OneSpin, or people, e.g Bunnie, that one trusts?
I’m not saying it’s intrinsically safer than other architectures but it is at least more inspectable and, for people who do value trust for whatever, can be again federated.
I assume if you do ask the question you are skeptical about it so curious to know what you believe is a better alternative and why.
You can audit IntelME a similar way, it’s just more annoying and tedious, it’s also been done before by people. Honestly I don’t bother much with the IntelME conspiracy theory much anymore (and yes I will call it a conspiracy theory, more on why later), I did used to be extremely interested in it about 2 years ago, I researched the topic heavily. I met people and colleagues who were also interested in it. However I found when I suggested ways to study or prove the claims made about it, like where it’s communicating to or how it interacts with the system or even just disassembling the rom I would get weird answers about it knowing when it’s being probed and that I wouldn’t consider entirely rational when describing a tiny embedded system like this. Then I came across the 34C3 video and basically I realized then and there that this is a conspiracy theory, as there is a whole great study done by these guys and everyone is ignoring it.
Then there’s the fact that many of the theories out there seem to resist investigation, and people seem to come up with more elaborate ways of it resisting. Example: I presented the idea of sniffing the Ethernet connection of the computer by cutting the cable in half and probing it with a debugger and they claimed that the chip would listen with the microphone and abort, or that IntelME would skew the data collected when loaded up on another computer.
The end result is that I bought a high end PC from System76 with the capability to disable IntelME largely for nothing, which would be fine if the Laptop wasn’t so problematic, like the fact that it gets insanely hot and chews through battery insanely fast (seriously Battery consumption is worse on this laptop than my Steam Deck). Also it chews through power like this even on the iGPU, but it was way worse on the nvidia GPU, like way way worse. I wish I had gotten something AMD based, They’re killing it when it comes to performance and efficiency, more than I can say for Toasty old Intel.
I mean can’t they just audit a version that doesn’t have a backdoor/snoops. Verifying against silicon is probably very hard.
I imagine it’s like everything else, you can only realistically verify against a random sample. It’s like trucks passing a border, they should ALL be checked but in practice only few gets checked and punished with the hope that punishment will deter others.
Here if 1 chip is checked for 1 million produced and there is a single problem with it, being a backdoor or “just” a security flaw that is NOT present due to the original design, then the trust in the company producing them is shattered. Nobody who can afford alternatives will want to work with them.
I imagine in a lot of situations the economical risk is not worth it. Even if say a state actor does commission a backdoor to be added and thus tell the producing company they’ll cover their losses, as soon as the news is out nobody will even use the chips so even for a state actor it doesn’t work.
Thats true, but that sadly won’t help against a state forcing a company to put these things into the silicon. Not saying they do rn, but its a real possibility.