| 1 |
On Wed, Nov 22, 2017 at 10:36 PM, Taiidan@×××.com <Taiidan@×××.com> wrote: |
| 2 |
> On 11/22/2017 11:16 PM, R0b0t1 wrote: |
| 3 |
> |
| 4 |
>> Does anyone have more information on this? Has anything been |
| 5 |
>> published? I'm interested in exploiting my own computers so I can |
| 6 |
>> control the ME. |
| 7 |
> |
| 8 |
> It seems that it is the same people who figured out HAP mode but they |
| 9 |
> haven't made a blog update I would ask on the coreboot mailinglist, there |
| 10 |
> are some very smart people there. |
| 11 |
> |
| 12 |
> Although I doubt you will find any real information anywhere at all due to |
| 13 |
> the recent "white hat" tendency to restrict the real nuts and bolts info and |
| 14 |
> utilities to wealthy corporations instead of us peons who *gasp* might do |
| 15 |
> something "bad" with it/don't have lots of money to pay for a "premier" |
| 16 |
> support account. |
| 17 |
> |
| 18 |
|
| 19 |
This does make me sad. In a case such as this it makes the most sense |
| 20 |
to me that the details be released so people who want to control their |
| 21 |
devices are allowed to do so before the holes are patched. |
| 22 |
|
| 23 |
> I am curious as to why you wish to do this, considering you can buy a libre |
| 24 |
> firmware owner controlled motherboard with better functionality (ex: |
| 25 |
> OpenBMC) than any me/psp board for only $250 and $100 for a FX-8310 |
| 26 |
> equivalent cpu. |
| 27 |
> |
| 28 |
|
| 29 |
I attempted to use some vPro/ME functionality and found it broken or |
| 30 |
unsuable. So, I suppose I want access to the ME so I can use it for |
| 31 |
what it was advertised to do. Currently I have not gotten it to do any |
| 32 |
of those things, and its security is unprovable. |
| 33 |
|
| 34 |
> On 11/22/2017 11:18 PM, R0b0t1 wrote: |
| 35 |
> |
| 36 |
>> On Wed, Nov 22, 2017 at 6:03 PM, Taiidan@×××.com <Taiidan@×××.com> wrote: |
| 37 |
>>> |
| 38 |
>>> Using ME cleaner would also solve the issue and you wouldn't need any |
| 39 |
>>> more |
| 40 |
>>> firmware updates when the next "bug" comes around. |
| 41 |
>>> |
| 42 |
>> Intel ME has been found to remain active after being disabled, and |
| 43 |
>> some motherboards that do not ship as "vPro enabled" and consequently |
| 44 |
>> haven't had the licensing paid for certain features have been found |
| 45 |
>> with those same features enabled. I own an Asus laptop which is |
| 46 |
>> affected. Some Asus forum post reported that there's a Java-based SOAP |
| 47 |
>> webserver listening on the port associated with Intel ME. Intel ME is |
| 48 |
>> not visible to the BIOS, and so it can't be turned any more "off." |
| 49 |
> |
| 50 |
> I understand the limitations of me_cleaner, although in this case it would |
| 51 |
> in fact solve the problems as all the currently *publicly* discovered "bugs" |
| 52 |
> are all ME feature exploits (and the features are removed by me_cleaner) |
| 53 |
> rather than exploits of the ME kernel although I am certain that one is on |
| 54 |
> the way. |
| 55 |
> |
| 56 |
> Believe me I know what I am talking about, I regularly provide support on |
| 57 |
> the coreboot mailinglist and I own a variety of devices that are owner |
| 58 |
> controlled with libre firmware (and of course no ME/PSP). |
| 59 |
|
| 60 |
Well, at no point did I question your aptitude, but I think the |
| 61 |
information I outlined is a pretty good argument for assuming the ME |
| 62 |
can not be disabled. |
| 63 |
|
| 64 |
Even if true, there's not much to be done about it anyway. |
| 65 |
|
| 66 |
Cheers, |
| 67 |
R0b0t1 |
Archives