On Wed, Nov 22, 2017 at 10:36 PM, Taiidan@×××.com <Taiidan@×××.com> wrote:
> On 11/22/2017 11:16 PM, R0b0t1 wrote:
>
>> Does anyone have more information on this? Has anything been
>> published? I'm interested in exploiting my own computers so I can
>> control the ME.
>
> It seems that it is the same people who figured out HAP mode but they
> haven't made a blog update. I would ask on the coreboot mailing list, there
> are some very smart people there.
>
> Although I doubt you will find any real information anywhere at all due to
> the recent "white hat" tendency to restrict the real nuts and bolts info and
> utilities to wealthy corporations instead of us peons who *gasp* might do
> something "bad" with it/don't have lots of money to pay for a "premier"
> support account.
>

This does make me sad. In a case such as this it makes the most sense
to me that the details be released so people who want to control their
devices are allowed to do so before the holes are patched.

> I am curious as to why you wish to do this, considering you can buy a libre
> firmware owner controlled motherboard with better functionality (ex:
> OpenBMC) than any me/psp board for only $250 and $100 for a FX-8310
> equivalent cpu.
>

I attempted to use some vPro/ME functionality and found it broken or
unusable. So, I suppose I want access to the ME so I can use it for
what it was advertised to do. Currently I have not gotten it to do any
of those things, and its security is unprovable.

> On 11/22/2017 11:18 PM, R0b0t1 wrote:
>
>> On Wed, Nov 22, 2017 at 6:03 PM, Taiidan@×××.com <Taiidan@×××.com> wrote:
>>>
>>> Using ME cleaner would also solve the issue and you wouldn't need any more
>>> firmware updates when the next "bug" comes around.
>>>
>> Intel ME has been found to remain active after being disabled, and
>> some motherboards that do not ship as "vPro enabled" and consequently
>> haven't had the licensing paid for certain features have been found
>> with those same features enabled. I own an Asus laptop which is
>> affected. Some Asus forum post reported that there's a Java-based SOAP
>> webserver listening on the port associated with Intel ME. Intel ME is
>> not visible to the BIOS, and so it can't be turned any more "off."
>
> I understand the limitations of me_cleaner, although in this case it would
> in fact solve the problems as all the currently *publicly* discovered "bugs"
> are all ME feature exploits (and the features are removed by me_cleaner)
> rather than exploits of the ME kernel although I am certain that one is on
> the way.
>
> Believe me I know what I am talking about, I regularly provide support on
> the coreboot mailing list and I own a variety of devices that are owner
> controlled with libre firmware (and of course no ME/PSP).

Well, at no point did I question your aptitude, but I think the
information I outlined is a pretty good argument for assuming the ME
can not be disabled.

Even if true, there's not much to be done about it anyway.

Cheers,
R0b0t1