this post was submitted on 16 Sep 2024
53 points (98.2% liked)

When it comes to Intel Management Engine, I actually think it's not a threat if you neutralize it. I mean to just set the HAP bit on it. Because if that isn't enough then that means all computers in the world which use Intel CPU can be accessed by NSA but if NSA had this much power then it seems obvious that they aren't using it and why wouldn't they use it?

There's a GitHub project to neutralize/disable Intel ME: https://github.com/corna/me_cleaner Disable is overwriting Intel ME as much as possible with zeros, leaving only a little remaining to be able to boot the computer. The newer the Intel chips are, the less likely it is to be able to disable it. But all chip sets can be neutralized which means to set the HAP bit which is an official feature. In theory we can't actually trust the HAP bit to really disable Intel ME permanently. It's more like asking Intel to do what they have promised because it's proprietary. But I think it really does permanently disable it because otherwise NSA would be abusing this power.

That's why I think the newer laptop models are better because it's probably not necessary to disable, it's enough to just neutralize with the HAP bit. And with a newer modern laptop they can have open source Embedded Controller firmware which is better than proprietary Embedded Controller firmware.

I'm interested to hear what you think as well.

[–] nbailey@lemmy.ca 44 points 3 days ago (2 children)

I choose not to think about it or include it in my mental threat model, the same way I choose to not worry about thermonuclear warheads.

If there’s some exploitable backdoor and Intel gets owned, we’re all boned and there’s nothing we can really do about it. I don’t have anti-ballistic-missile systems, and I also don’t have the capability to make an entire hardware/firmware/os from scratch.

So instead focus on the things you can control and are more likely to happen. Don’t plan for doomsday, plan for every day.

[–] gnutard@sh.itjust.works 8 points 3 days ago (1 children)

I would go on eBay and buy a Libreboot machine from 2009 and prior (X200, T500, etc.) These systems have 100% no blobs in the firmware and can have the IME fully disabled. I use these as my daily and I'm fine.

[–] Quail4789@lemmy.ml 20 points 2 days ago (1 children)

Most people need more than a brick for their daily.

[–] gnutard@sh.itjust.works 3 points 2 days ago* (last edited 2 days ago) (1 children)

I mean, sure, but to be honest, I think most people just browse the web. They open Google Chrome, and that's basically all they know. Some don't even know what OS they're using. I would say that's at least 40% of computer users. I think they're just unaware that there are other options, like the ones I listed above. Honestly, it's not their fault; Libreboot and GNU/Linux aren't mainstream yet. I really don't see why you would need a powerful machine unless you're a gamer or work in computer graphics, etc.

You're not wrong, but for those who don't use their machines to make money in these fields, think about the freedom you've lost. Consider all the things that make you who you are, being entirely known by someone you never consented to give information to. I just think it's sad that most people don't care, but I do, and I will keep fighting for it.

I gave up gaming, I stopped wasting time and started getting more done. It really just gives me the freedom to do other things. When people say "user freedom," it's not just about the software; it's about having control over one's life.

There is a sort of hidden beauty in free software. It might seem boring, but that’s kind of the point! Go outside, read books, enjoy life, and live in the moment. I encourage everyone to do the same.

[–] Quail4789@lemmy.ml 7 points 2 days ago (1 children)

> I gave up gaming, I stopped wasting time and started getting more done. It really just gives me the freedom to do other things. When people say “user freedom,” it’s not just about the software; it’s about having control over one’s life.

This is cope. Gaming is not a waste of time. Pretending like legitimate and common use cases being unavailable on free hard/software is a plus won't do anyone any good. If you don't want to game that's fine. Lots of people do and it's no different than some other useless hobby most people have.

You don't have control over whether you can game with the hardware you have.

[–] gnutard@sh.itjust.works 2 points 1 day ago* (last edited 1 day ago)

It was more of a personal reflection for myself, rather than saying gaming is a waste of time universally. I see how you interpreted it that way, I should've phrased it a bit better.

[–] delirious_owl@discuss.online 1 points 2 days ago

Except nuclear weapons have only been used twice in war, and IME is probably used all the time

[–] energize@lemmy.sdf.org 16 points 2 days ago (1 children)

IMHO Intel ME or the AMD equivalent are only relevant for state level targeted attacks. It wouldn't be wise for them to waste it on the small fries and risk having some snoopy I-have-nothing-better-to-do-with-my-life security researcher find some attack payloads.

Of course you are right to be worried and think about it. Right now the best you can do is coreboot, it allows you to disable it.

If you want to counter that risk the best is to get a computer like the nitropads (coreboot and only open source firmware, Qubes OS on top) https://www.nitrokey.com/news/2020/nitropad-secure-laptop-unique-tamper-detection or the ones of System76. After that, it's no use worrying too much. You could as well be hit in a car crash, a seism or a tsunami could also hit your city. Don't think about it too much, just have a small plan so you are not too lost if the black swan comes for you.

[–] gnutard@sh.itjust.works 5 points 2 days ago* (last edited 2 days ago) (1 children)

Open source is not enough. It needs to be entirely free software. I recommend buying a Libreboot laptop from before 2009, they can fully disable/remove the IME and have a 100% free BIOS firmware (any supported device with a Core Duo processor basically).

[–] energize@lemmy.sdf.org 3 points 2 days ago

Thanks! I dug in and just found out that you can buy libreboot computers with Intel ME disabled and support the libreboot project on https://minifree.org/

They actually have an interesting selection.

[–] possiblylinux127@lemmy.zip 15 points 3 days ago (1 children)

It is a huge threat just like any low level firmware. However, there isn't much you can do

[–] utopiah@lemmy.ml 5 points 2 days ago* (last edited 2 days ago) (1 children)

Buying other hardware that you (well... not me ;) can inspect and verify, e.g RISC?

For now the performances are pretty terrible BUT one can imagine, assuming they have the right discipline and mental model doing what's actually personal on a verifiable processor, e.g browsing and reading emails, and what's not, e.g watching a TV show on another machine with CPU/GPU with an unverifiable architecture.

PS: I have a Precursor and a Banana Pi BPI-F3 with SpacemiT K1 8 core RISC-V chip and that's the main idea behind them both, i.e knowing, as a community, how it works all the way down.

[–] Schmeckinger@lemmy.world 2 points 1 day ago (1 children)

How do you want to verify a RISC core not doing something funny?

[–] utopiah@lemmy.ml 1 points 1 day ago (1 children)

The same way you would do it with a black box while optionally taking as many shortcuts as one is comfortable with by virtue of assuming having a better understanding of how it's been built?

Get it audited by tools, e.g OneSpin, or people, e.g Bunnie, that one trusts?

I'm not saying it's intrinsically safer than other architectures but it is at least more inspectable and, for people who do value trust for whatever, can be again federated.

I assume if you do ask the question you are skeptical about it so curious to know what you believe is a better alternative and why.

[–] Schmeckinger@lemmy.world 1 points 1 day ago (1 children)

I mean can't they just audit a version that doesn't have a backdoor/snoops. Verifying against silicon is probably very hard.

[–] utopiah@lemmy.ml 1 points 16 hours ago* (last edited 16 hours ago) (1 children)

I imagine it's like everything else, you can only realistically verify against a random sample. It's like trucks passing a border, they should ALL be checked but in practice only a few get checked and punished with the hope that punishment will deter others.

Here if 1 chip is checked for 1 million produced and there is a single problem with it, being a backdoor or "just" a security flaw that is NOT present due to the original design, then the trust in the company producing them is shattered. Nobody who can afford alternatives will want to work with them.

I imagine in a lot of situations the economical risk is not worth it. Even if say a state actor does commission a backdoor to be added and thus tell the producing company they'll cover their losses, as soon as the news is out nobody will even use the chips so even for a state actor it doesn't work.

[–] Schmeckinger@lemmy.world 1 points 16 hours ago* (last edited 16 hours ago)

That's true, but that sadly won't help against a state forcing a company to put these things into the silicon. Not saying they do rn, but it's a real possibility.

[–] t7tis@lemmy.ml 5 points 2 days ago (1 children)

Just restrict network access (both in and out) with proper (trusted) hardware firewall. It's much safer than relying on disabling / configuring etc. You can't attack what you can't reach (directly or in reverse).

[–] chappedafloat@lemmy.wtf 1 points 16 hours ago

I don't have experience with that yet. Are you talking about a Pi-hole? Can you give a little idea on how to make such firewall rules? Because I want to have a laptop with many VMs or Qubes and each VM has different firewall rules. An email qube would only allow connection to the email server. Maybe one of the safe browsing VMs would only allow connections to the websites I typically visit. The unsafe VM maybe to everything except for known bad IPs/domains.

And NSA and other potential adversaries most likely have access to at least one domain that isn't blocked by firewall.

[–] wizardbeard@lemmy.dbzer0.com 16 points 3 days ago

The NSA tries incredibly hard to not make public which of the many many options in their toolbox are in active use at any given time. Not sure anyone outside the org can say for sure what they are and aren't using.

[–] Jumuta@sh.itjust.works 3 points 2 days ago

idk, never worried about it but my main computer doesn't have it so I just passively use that for important things