undefined | Better HN

0 pointsasymptosis5y ago0 comments

I get the feeling you could be tempted to say more about that. Please elaborate?

0 comments

Your average desktop/laptop CPU runs a blackbox like Intel AMT or AMD PSP which is basically an always active mini-CPU that runs in the background and is OS-agnostic. If you consider your OS max privilege level as ring 0, this is ring -1.

If/when someone manage to conpromise those, they can basically take over your computer, and Intel/AMD doesn't provide any sort of killswitch or physical way of disabling it.

marshmallow_125y ago

Tell me more about this. What does this system do, and why can't we do anything about it?

legends2k5y ago

The first section of [1] explains that with references

[1]: https://legends2k.github.io/note/clean_me

1 more reply

silly-silly5y ago

> What does this system do,

It can be used for 'out of band' management of your system, including firmware/bios rollouts and updates. Allows remote hijacking of attached hardware devices. Basically can puppeteer your entire system.

> why can't we do anything about it?

Because there is no ability to update or modify this code. It is only updatable by the hardware vendor as it is encrypted, signed and checked during update.

boring_twenties5y ago

https://libreboot.org/faq.html#intelme

fsflover5y ago

https://en.wikipedia.org/wiki/Intel_Management_Engine

jart5y ago

Faraday cage can do something about it.

rubatuga5y ago

I think you mean Intel ME not Intel AMT.

m-p-35y ago

Correct, my bad. I would edit my original comment but it's too late.

m-p-35y ago

Correct, my bad.

anta405y ago

Turn the power off. Unplug all cables.

Problem is (temporarily) solved :D

8note5y ago

Solved until somebody invents some form of technology for storing energy over time,and another for communicating without wires

yjftsjthsd-h5y ago

Yeah, until I want to actually do anything with it.

marcodiego5y ago

Mainly not depending on closed source binary blobs or drivers.

judge20205y ago

I guess they mean the freedom (or lack thereof) of the software license that comes with your OS, ie. 'you should be able to hit the software with a metaphorical hammer', which technically isn't possible with the Windows 10 license.

autoexec5y ago

I also think selecting parts is limited by the fact that there are so few manufacturers. Processors these days mostly come down to AMD or Intel and nothing there is transparent or audit-able. "trusted computing" and backdoors make even your hardware suspect.

fiddlerwoaroof5y ago

There are capable desktop computers with open hardware, down to the silicon: you just have to pay for it.

For example, for $4k, you can get this with specs roughly equivalent to a normal developer machine: https://www.raptorcs.com/content/BK1SD1/intro.html

4 more replies

j / k navigate · click thread line to collapse

0 comments

m-p-35y ago

If/when someone manage to conpromise those, they can basically take over your computer, and Intel/AMD doesn't provide any sort of killswitch or physical way of disabling it.

marshmallow_125y ago

Tell me more about this. What does this system do, and why can't we do anything about it?

legends2k5y ago

The first section of [1] explains that with references

[1]: https://legends2k.github.io/note/clean_me

1 more reply

silly-silly5y ago

> What does this system do,

> why can't we do anything about it?

Because there is no ability to update or modify this code. It is only updatable by the hardware vendor as it is encrypted, signed and checked during update.

boring_twenties5y ago

https://libreboot.org/faq.html#intelme

fsflover5y ago

https://en.wikipedia.org/wiki/Intel_Management_Engine

jart5y ago

Faraday cage can do something about it.

rubatuga5y ago

I think you mean Intel ME not Intel AMT.

m-p-35y ago

Correct, my bad. I would edit my original comment but it's too late.

m-p-35y ago

Correct, my bad.

anta405y ago

Turn the power off. Unplug all cables.

Problem is (temporarily) solved :D

8note5y ago

Solved until somebody invents some form of technology for storing energy over time,and another for communicating without wires

yjftsjthsd-h5y ago

Yeah, until I want to actually do anything with it.

marcodiego5y ago

Mainly not depending on closed source binary blobs or drivers.

judge20205y ago

autoexec5y ago

fiddlerwoaroof5y ago

There are capable desktop computers with open hardware, down to the silicon: you just have to pay for it.

For example, for $4k, you can get this with specs roughly equivalent to a normal developer machine: https://www.raptorcs.com/content/BK1SD1/intro.html

4 more replies

j / k navigate · click thread line to collapse