I acknowledge that hardware products take years to develop, and they already have a lot on their plate.
Perhaps Intel doesn’t care about consumer whims, but clearly there’s demand from companies like Google.
I’m just generally surprised at the lack of public-facing responses from Intel’s leadership around this and other security issues facing their platform. It all reads like lawyers trying to minimize their liability.
They’re one of the most important technology platforms today. Everything besides cellphones runs on Intel.
Despite actually being a monopoly or duopoly, they don’t have to be so stodgy. I want to love them for their profound impact these past few decades, but it’s hard when it feels like they don’t listen to their customers.
1. an Intel CPU that supports the vPro feature set
2. an Intel networking card
3. the corporate version of the Intel Management Engine (Intel ME) binary (well, definitely, a corporate laptop that used to get updates, but how do I check for ME?)
Is there a website I can visit that can initiate a remote takeover (I'm consenting to it)? Why isn't this possible? What other step is required on my side to make it possible? Is it possible only through the physical ethernet connection? Why aren't we seeing wide scale exploits based on AMT?
If the backdoor exists you will need to know a secret to open it. Currently, the public obviously doesn't know this secret or the doors would be wide open for virtually anybody. Because we don't know the secret key, we cannot open them to prove that they exist. So we don't know for sure if the backdoors exist. But the way the IME is designed and handled makes it possible and plausible that backdoors could exist. It's up to Intel to prove that they don't exist.
Even 14 years ago the FBI was using switched-off cellphones as microphones, recording in-person conversations in a restaurant between some Mafia targets. It was acknowledged during a criminal trial, which means it was probably old-hat by then:
> Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off."
> He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone.
https://www.cnet.com/news/fbi-taps-cell-phone-mic-as-eavesdr...
Getting access to laptops/PCs regardless of power state with long-term persistence and very low detectability, regardless of traditional OS monitoring, would be top of the list in terms of requirements for any intelligence agency.
Doesn't the NSA_High_Assurance_Platform bit or whatever it's called pretty much prove there's a backdoor?
edit: Here it is: https://en.wikipedia.org/wiki/Intel_Management_Engine#%22Hig...
Why would the NSA demand such a feature if they didn't foresee even a potential vulnerability there?
That seems a bit over the top to ask them to prove a negative.
Does this mean when the PC was connected by ethernet cable? Even by wifi? The exploit could have worked by visiting an arbitrary website? With no click? (I’m not being skeptical. I just want to understand what’s required for the exploit to work.)
In my mind, either a) There are other reasons and this is a convenient conscious or subconscious scapegoat; or b) it's an extremely emotional decision, and as such certainly relevant to holder ("Whatever floats your boat!":) but not necessarily applicable or translatable to anybody else.
I'd be curious (genuinely!) to hear more - were you actually tempted by any Thinkpads in the past but rejected them due to trackpoint, and if so can you elaborate why - what use case did they prevent or what inconvenience did they cause? Thx muchly! :)
The Wikipedia article they link about vPro says:
> Intel vPro technology ... [includes] VT-x, VT-d...
Does this mean that Purism hardware won't support virtualization extensions? Seems like that would be a big downside, and would make it a non-starter for a lot of people (including myself).
https://ark.intel.com/content/www/us/en/ark/products/149091/...
(They have also added a small asterisk to the Purism article to clarify - I'm also just reading it now so don't know if it was there before)
Also, Intel sucks at marketing.
https://en.wikipedia.org/wiki/AMD_Platform_Security_Processo...
https://www.amd.com/system/files/documents/out-of-band-clien...
I haven't been able to figure out what exactly this means, but it does seem to be disabled after system initialization. Kind of like Intel's HAP bit, except user-settable.
https://puri.sm/posts/anti-interdiction-services/
From the site:
- Customized tamper-evident tape on the sealed plastic bag surrounding the laptop itself
- Customized tamper-evident tape on the internal, branded box
- Glitter nail polish covering the center (or all) screws on the bottom of the laptop
- Pictures of all of the above plus pictures of the inside of the laptop before sealing the bottom case
- All pictures sent to the customer out-of-band, signed by Purism and encrypted against the customer’s GPG key
- All coordination occurring over GPG-protected email
this line strikes me as odd. Don't OEMs normally have a contract with Intel (or someone that does) for licensing the motherboard design that would prevent them from doing this?
There is no reason to believe the software switch is working, especially when even a system integrator can accidentally enable the features. If someone wants them on they turn on.
Purism sells snakeoil. Presenting their offerings as FOSS-compatible would be honest. Claiming additional security is not.
Even neutered Intel seems unnecessarily risky.
ARM is no better, either, at least in practice. Their relatively friendly licensing terms would allow a vendor willing to make their own silicon in volume to ship a no-TrustZone, no-Secure-Boot SOC. However, nobody does this. In fact, moving to ARM has traditionally been used as an excuse to lock out third-party operating systems and unlicensed software. (Remember Windows RT tablets?)
This was my recent experience choosing between a new XPS 13 or a T14s amd. Side by side the screens weren't that different. Port selection, keyboard quality, and trackpoint availability were the tiebreakers in favor of the Thinkpad. (Didn't care much about the performance difference due to my light use case.)
flashbacks from 2010 incoming ...
I still don't understand why people accepted the downgrade back then so easily, some of them even thinking 16:9 is somehow more modern or better.
https://www.phoronix.com/scan.php?page=news_item&px=Zlatan-T...
I'm surprised you didn't mention the FSP which is a binary blob from Intel required to be run by any boot firmware (UEFI, Coreboot, or whatever) very early in the platform initialization process (to my understanding, basically as soon as possible after the reset vector, in the PEI phase) before anything is useable.
Baby steps. Don't let perfect be the enemy of good. Success here could indicate to CPU vendors there are people who care about these things.
If the Libreboot FAQ[1] is to be believed, then we are well past this stage. It states:
> Even Google, which sells millions of chromebooks (coreboot preinstalled) have been unable to persuade them.
Here's the more complete list of Core processors which have vpro platform eligibility. It's quite long. https://ark.intel.com/content/www/us/en/ark/search/featurefi...
Connected to Ethernet (with Intel hardware), but doesn’t need to be turned on. Must have vPro and AMT enabled.
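As an added example (not from this thread, and not Intel's or Purism's code) of what can be checked locally before asking the "how do I check for ME?" question above, and against the Ethernet/vPro/AMT preconditions just stated: the script below, assuming a Linux host and bash, looks for the ME host interface and an Intel NIC in `lspci -nn` output and decodes the ME's HFSTS1 status register (PCI config dword 0x40 of the MEI device, also the first line of `/sys/class/mei/mei0/fw_status` where the kernel exports it) using the bit layout coreboot's ME status code uses: working state in bits 0-3, operation state in bits 6-8, firmware-init-complete in bit 9, operation mode in bits 16-19. The `lspci` lines and register values are constructed sample input.

```bash
#!/bin/bash
# Added example: local checks for an Intel ME host interface on Linux.
# Not code from the thread; the bit layout follows coreboot's HFSTS1 decoding.
# Real inputs: `lspci -nn` text, and HFSTS1 from /sys/class/mei/mei0/fw_status
# (first line, where the kernel exports it) or `setpci -s 00:16.0 40.l`.

# Constructed sample inputs, not captured from a real machine.
SAMPLE_LSPCI='00:14.0 USB controller [0c03]: Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller [8086:9d2f] (rev 21)
00:16.0 Communication controller [0780]: Intel Corporation Sunrise Point-LP CSME HECI #1 [8086:9d3a] (rev 21)
00:1f.6 Ethernet controller [0200]: Intel Corporation Ethernet Connection I219-V [8086:1570] (rev 21)'
SAMPLE_HFSTS1_NORMAL=0x90000245
SAMPLE_HFSTS1_SOFTDIS=0x90030245

# The ME host interface (MEI, formerly HECI) is a PCI class 0x0780 device.
# Present: the OS can talk to the ME.  Absent: the firmware may simply have
# hidden the PCI function; it is not proof that the ME is off.
mei_in_lspci() {
    printf '%s\n' "$1" | grep -Eiq 'Communication controller.*(HECI|MEI|Management Engine|CSME)'
}

# An Intel NIC is what AMT rides on (one of the preconditions quoted above).
intel_nic_in_lspci() {
    printf '%s\n' "$1" | grep -Eiq 'Ethernet controller.*Intel'
}

# HFSTS1 field extraction (argument is a hex literal such as 0x90000245).
hfsts1_working_state() { echo $(( $1 & 0xF )); }          # bits 0-3
hfsts1_op_state()      { echo $(( ($1 >> 6) & 0x7 )); }   # bits 6-8
hfsts1_init_complete() { echo $(( ($1 >> 9) & 0x1 )); }   # bit 9
hfsts1_op_mode()       { echo $(( ($1 >> 16) & 0xF )); }  # bits 16-19

name_working_state() {
    case "$1" in
        0) echo reset ;; 1) echo initializing ;; 2) echo recovery ;;
        5) echo normal ;; *) echo "other($1)" ;;
    esac
}
name_op_mode() {
    case "$1" in
        0) echo normal ;; 2) echo debug ;; 3) echo soft-temp-disable ;;
        4) echo override-jumper ;; 5) echo override-mei ;; *) echo "other($1)" ;;
    esac
}

# One-line summary: $1 = lspci text, $2 = HFSTS1 as a hex literal.
me_summary() {
    local mei nic ws om ic
    mei=absent; mei_in_lspci "$1" && mei=present
    nic=no;     intel_nic_in_lspci "$1" && nic=yes
    ws=$(name_working_state "$(hfsts1_working_state "$2")")
    om=$(name_op_mode "$(hfsts1_op_mode "$2")")
    ic=$(hfsts1_init_complete "$2")
    echo "mei=$mei intel_nic=$nic working_state=$ws op_mode=$om init_complete=$ic"
}

me_summary "$SAMPLE_LSPCI" "$SAMPLE_HFSTS1_NORMAL"
me_summary "$SAMPLE_LSPCI" "$SAMPLE_HFSTS1_SOFTDIS"

# AMT's own listeners (16992-16995, plus 623/664 for ASF-RMCP) are terminated
# by the ME before the host sees the packets, so `ss -ltn` here shows nothing
# even when AMT is provisioned.  Check from another machine instead:
#   nmap -p 623,664,16992-16995 <host>
```

The point of decoding HFSTS1 rather than trusting a BIOS menu is that the register is what the ME itself reports: a working state of `normal` with `init_complete=1` means the full firmware booted, whatever a "disable" checkbox claims. Seeing no MEI device, or no open AMT ports from the outside, narrows the remote-access question but does not by itself say the ME is gone.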
One of them I think was actually a zero day, you could get up on shodan and find piles of machines that would just let you upload an ISO and boot whatever you wanted on them.
It really is that bad.
When it is on: AMT Wifi might also just piggyback on the existing config of the OS.
But the thing that really gets me is the 16:10 resolution, I could personally never go back after using it, it just feels correct (to me).
Agreed. Without a dock/external monitor 13" and 14" are really not the sizes one should focus on for productivity, except in short bursts. 16:10 really makes an impact on displays smaller than 17". It took serious justification for me to give up the XPS 13" 16:10 display in favor of a 16:9 14" laptop. I absolutely would not have chosen a 13" 16:9 display because of how big of a net loss it is.
But what would you do with it? Why not just use the OS?
I agree, but it's not like they've given up. They're still working on it, and hope to find a way to permanently remove all the software that enables it, and run their own software instead. Whether or not they'll eventually be successful is of course an open question.
The alternative, at least right now, is that Purism doesn't sell any hardware at all, goes out of business, and then there's no one working credibly on this. That would be an even worse failure, IMO.
> We released a petition for, and continue to work with Intel to free it entirely (what Intel is calling a “ME-less” design).
Do you have a better solution than trying to neutralise it + starting a petition + talking with Intel to remove it?
If you want to criticize brands for selling privacy snakeoil, and not making you "the de facto owner of the machine", then we should address your criticism at Apple, not Purism.
Can it be enabled by Intel?
A system that has ME installed with a NIC the ME can't access (non-Intel) seems like it makes the ME irrelevant via suffocation.
I'm not sure of the technical details of this board or if the ME can access non-Intel NICs.
Unlikely? Amazingly so. Technically possible? Yes.
If it has no NIC access, and the OS doesn't have access to it because it's not hanging on PCIe anymore, and it's only there for system bringup, then it's essentially sealed off from the world.
System76 takes the position that compatibility with x86 binaries is worth having to take closed, remote-access-enabled, binary firmware. That's a position someone can take.
Responding "So what?" and "I was expecting this" is just nasty and unprofessional.
This is my point. It can't be removed. It will always remain a security problem.
you have hardware on the cpu no longer accessible by software. you have a mellanox network card the me can't talk to. it's there, in the kitchen drawer. it's no longer in the door, so not a security problem.
the 'issue' requires physical access to the machine, and for you to be logged in with an admin account. if someone is physically sitting next to your server and logged in as root, you have no security anymore. they don't need to break into anything, they can just run what they want already.
someone is in your car with keys in the ignition. you're saying they can steal your car by hacking the entertainment system because it's insecure.
- extra accidental clicks
- steal of space from the touchpad
- more moving parts
- visual clutter
- undermine chassis rigidity
- add weight
With touchscreen and a good touchpad, there's nothing that justifies its existence.
Maybe I have a fixation for minimalism too.
As I frequently mention in this context: You haven't lived until you've seen a highly paid security architect slam their laptop repeatedly in front of the client in frustration :P.
So they put them back in the _50 series and onward :).
Seriously, the generation was reviled and it was a complete rebellion to put them back. And with good reason.
The two "GIANT" (regular sized, but whatever:) physical clicky buttons are there for people who like physical clicky buttons. Which is a large portion of user base using ThinkPads / Latitudes / Elitebooks. These laptops are tools of our trade and we use them at home, at work, on airplanes, in coffee shops, in the park, in the backyard, in the bedroom, everywhere. We have a fixation for functionality, for positive action and reliable feedback, not design/minimalism.
I have no fantasies that we'll agree, but wanted to provide a perspective to enhance understanding :)
Edit/Update upon thinking: I think indeed there's a market/product for both: people / companies who prefer minimalism (Apple laptops are really the sexiest epitomes of that design aspiration and I'll agree if sleek sexiness is an important criteria, nothing beats them:). And for people / companies who prefer modularity / functionality / expandability / power... I'd love to say that ThinkPads cater to that audience, but in reality they're becoming more like MacBooks - minimalism is clearly winning in the industry, even if there's a backlash in the hardcore but tiny communities :-/
At any rate, it seems we went from "Trackpoint is the single reason against Thinkpad" to "nothing much against trackpoint", which answers my original question I suppose.
AFAIK that's designed to be used with the trackpoint. Otherwise you don't have any keys to left/middle/right click with.
Edit: display notches are actually probably a better comparison. They're ugly and even though I don't use it I can't get rid of it except by using hardware designed not to have it.
Well that's just, like, your opinion.
Most typists aren't touching the nipple when they're typing, so is it an objection that's purely aesthetic, as opposed to notches?
People who type a lot are super sensitive to changes in their keyboard, and this is a change to the keyboard. It's definitely both aesthetic and functional.
But FWIW the inspiration for the red cap is from pickled plum in bento boxes[0] so
https://imgur.com/a/sbMiIRG https://forum.thinkpads.com/viewtopic.php?f=11&t=131119
I get now why so many anime people love thinkpads.
> Even if you do port coreboot
was read as abrasive; that tweet can be read as a snarky attack that belittles the efforts of the porter, to which the "so what?" response is apt – in fact, a de-escalation.
And yet, in reality, it wasn't one. (This is why you assume good faith, people!)
> was read as abrasive; that tweet can be read as a snarky attack that belittles the efforts of the porter
I guess, because it allows for the chance that someone may not finish what they set out to do?
> to which the "so what?" response is apt – in fact, a de-escalation
"so what" is not a useful path to de-escalation. It's a way of saying "you've said your point and I don't think any of it applies, but I'm not going to explain why, nor even go to the length of explaining this to you, and instead respond with two words." It is, at its core, dismissive, and that's not a useful way to de-escalate (even though I admit some people seem to think it is). What people don't seem to understand is that colloquial speech used with a friend is often dismissive in exactly this way, on purpose, because when you can actually assume good faith because of lots of prior interactions, it speeds up communication.
> And yet, in reality, it wasn't one.
Yeah, as I noted above, it very rarely is. The only times I think it can be used safely are when the people in question know each other well enough to know the other person is not being condescending and dismissive, and even then it's easy to be interpreted as that when the discussion is heated. In those cases, it sometimes takes people cooling off to assess the conversation more rationally and see what's actually the more likely intent in the phrase.
> (This is why you assume good faith, people!)
Good faith is useful, and necessary, but it really works best when only a little faith is needed in the first place. Since you can only assume good faith for yourself, it's also in your own self interest to make sure you limit the ways in which your speech can be misinterpreted. Often that means being a bit more formal so misunderstandings based on tone and familiarity are more rare. That's a shame, because sometimes we want to show friendship through our words, but that's much harder to do in pure text. Smileys and emoticons can actually go a long way towards correctly communicating intent in these cases.
Sorry for the rant, I used this as a way to solidify some of my thinking on the subject. :)
Intel ME is still there. It is still potentially remotely configurable and remotely updateable. That those features are not advertised is irrelevant, they can be assumed to be there or easily added.
and there's the issue. it is literally not remotely anything, since in the stated configuration it is not possible to get to it unless you are physically sitting at your computer and logged in. you are making stuff up and saying the thing you made up is dangerous.
If ME is still involved in the system, it can still act as an undetectable permanent implant/rootkit, you just need to burn one 0day to reach it by breaking into the x86 part first.