When it comes to Intel Management Engine, I actually think it’s not a threat if you neutralize it. I mean to just set the HAP bit on it. Because if that isn’t enough then that means all computers in the world which use Intel CPU can be accessed by NSA but if NSA had this much power then it seems obvious that they aren’t using it and why wouldn’t they use it?

There’s a github project to neutralize/disbale Intel ME: https://github.com/corna/me_cleaner Disable is overwriting intel ME as much as possible with zeros, leaving only a little remaining to be able to boot the computer. The newer the intel chips are, the less likely it is to be able to disable it. But all chip sets can be neutralized which means to set the HAP bit which is an official feature. In theory we can’t actually trust the HAP bit to really disable intel ME permanently. It’s more like asking Intel to do what they have promised because it’s proprietary. But I think it really does permanently disable it because otherwise NSA would be abusing this power.

That’s why I think the newer laptop models are better because it’s probably not necessary to disable, it’s enough to just neutralize withthe HAP bit. And with a newer modern laptop they can have open source Embedded Controller firmware which is better than proprietary Embedded Controller firmware.

I’m interested to hear what you think as well.

  • nbailey@lemmy.ca
    link
    fedilink
    English
    arrow-up
    48
    ·
    2 months ago

    I choose not to think about it or include it in my mental threat model, the same way I choose to not worry about thermonuclear warheads.

    If there’s some exploitable backdoor and Intel gets owned, we’re all boned and there’s nothing we can really do about it. I don’t have anti-ballistic-missile systems, and I also don’t have the capability to make an entire hardware/firmware/os from scratch.

    So instead focus on the things you can control and are more likely to happen. Don’t plan for doomsday, plan for every day.

    • Time@sh.itjust.works
      link
      fedilink
      arrow-up
      9
      ·
      2 months ago

      I would go on eBay and buy a Libreboot machine from 2009 and prior (X200, T500, etc.) These systems have 100% no blobs in the firmware and can have the IME fully disabled. I use these as my daily and I’m fine.

        • Time@sh.itjust.works
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          2 months ago

          I mean, sure, but to be honest, I think most people just browse the web. They open Google Chrome, and that’s basically all they know. Some don’t even know what OS they’re using. I would say that’s at least 40% of computer users. I think they’re just unaware that there are other options, like the ones I listed above. Honestly, it’s not their fault; Libreboot and GNU/Linux aren’t mainstream yet. I really don’t see why you would need a powerful machine unless you’re a gamer or work in computer graphics, etc.

          You’re not wrong, but for those who don’t use their machines to make money in these fields, think about the freedom you’ve lost. Consider all the things that make you who you are, being entirely known by someone you never consented to give information to. I just think it’s sad that most people don’t care, but I do, and I will keep fighting for it.

          I gave up gaming, I stopped wasting time and started getting more done. It really just gives me the freedom to do other things. When people say “user freedom,” it’s not just about the software; it’s about having control over one’s life.

          There is a sort of hidden beauty in free software. It might seem boring, but that’s kind of the point! Go outside, read books, enjoy life, and live in the moment. I encourage everyone to do the same.

            • Time@sh.itjust.works
              link
              fedilink
              arrow-up
              3
              ·
              edit-2
              2 months ago

              It was more of a personal reflection for myself, rather than saying gaming is a waste of time universally. I see how you interpreted it that way, I should’ve phrased it a bit better.