Look ma, no Intel Management Engine, ish: Purism lifts lid on the Librem Mini, a privacy-focused micro PC Purism has dropped the veil on the latest computer in its privacy-focused lineup – a small form-factor PC designed for space-conscious free software enthusiasts. Available to pre-order now, the Librem Mini packs an eighth-generation, quad-core Whiskey Lake i7-8565U processor, modified with Purism’s Pureboot technology. At its …
And I have to admit that, one, I like their approach to my security and, two, I like the Librem 15 laptop a lot. Its aspect, the fact that ruggedness and reliability is repeatedly mentioned, and the specs are nothing to sneeze at either. The $1400 price tag is surprisingly acceptable for the quality and specs that are put forth, at least in my opinion. I was expecting a larger price tag then that.
Unfortunately, I have no use for PureOS at this point in time. Still stuck with Windows until I retire. I hope they'll still be around by then.
According to the Wiki article on Intel's ME, you can't avoid the IME security vulnerability as it is a module that the CPU core requires for boot. IME's functionality can be reduced, but never fully eliminated. So is this truly "security" or simply a sense of one, some things still existing but the user under the impression that they are under control here?
I really want one, but I will not buy intel :-(
People have been asking for a while, interesting discussions around the different trust platforms being a fairly valid reason why they haven't https://forums.puri.sm/t/should-the-next-librem-be-amd-based/3010
They do now have an ARM device, so maybe they will consider some more machines based on that instead?
Well, as it is not possible to 100% disable the Intel Management Engine, despite LibreMs marketing claims, I am not sure it makes any difference. At least some of its functions are critical to keeping the system running. The HAP bit, which is what LibreM are setting, supposedly disables all the non-essential functionality but Intel have refused to ever confirm or deny that, and frankly are probably not trustable even if they were to.
If you truly want a Management Engine free system, your options are either very old AMD, even older Intel, Via (IIRC) or non-x86.
Probably because when the system was first designed, likely quite a lot of months ago, the Intel processor had the best performance*.
I'm just amazed that they can somehow squash the Intel Management Engine seeing as thought that it was built into the CPU
*noting that Intel have repeatedly sacrificed security for performance, although I doubt that this was wholly intentional.
"I'm just amazed that they can somehow squash the Intel Management Engine seeing as thought that it was built into the CPU"
Kind of. It looks like they set the HAP bit and erase as much of the firmware as they can, but this still leaves the system vulnerable to the SA-00086 exploit. I wonder if they disconnect the +5VSB and +12VSB rails when the system is powered down so that the engine isn't running when the computer is "off".
Just thinking about your question and I came up with: is it truly necessary?
Upon more consideration, IME is designed to allow system administrators access to configuration setup, even when powered off. The logical method for this would seem to be via Ethernet.
So do you need to try to fool the power rail, monitor triggers (power switch) and CPU, when instead you can simply fully and completely disconnect, or power-kill, networking inputs?
True with DMA access, but the discussion point was vulnerabilities when powered off. Only external communication buses need be discussed when talking about this; a DMA access to an add-in card is extremely unlikely to provide an insertion point for a firmware attack.
So that leaves USB, FireWire, Thunderbolt, eSATA, Ethernet and a few other external communication lines that Intel has included in their hardware implementations since the creation is IME. I would guess that lines added via external-to-the-Intel-chipset glue logic could easily be forced to power down fully upon system shutdown.
So we're left with dealing with external bus and communication lines supplied by Intel hardware, where IME support is implemented with little user choice in the matter.
"Just thinking about your question and I came up with: is it truly necessary?"
Agreed that physically killing the ethernet connection is equivalent. The other vectors probably aren't as important as that would mean that the attacker likely has physical access to the machine anyway. Though it would be interesting to see an exploit over Firewire or HDMI!
Purism is the ideal candidate for designing the stateless laptop.
Don't know why they don't ... the concept surely makes sense.
A stateless laptop isn't a Chromebook. It has persistent storage, but that persistent storage is external to the laptop.
The whole concept of stateless means that the laptop itself doesn't have any chips capable of storing anything (including malware) - everything is moved to an external USB stick. Therefore, malware can't persist in firmware on the machine because the user can replace the stick on demand.
The Librem Mini has a small footprint, measuring just 5 inches across and weighing just 1kg ...
So ... something that seems to have about half the volume of an Acer Revo R3600, or that of maybe half a dozen cased Raspberry Pi model 4 Bs, weighs 25% more than the Acer and ten times as much as the Pi?
The radiation shielding must be brilliant!
It's the Atari ST syndrome.
People thought it can't possibly have that much power in such a small package. So they made it feel like it had a lot of "stuff" in there. And slapped a load of unnecessary metal work in there. On the upside it did mean you could drop from a great height and still work.
This may not actually be true of course.
Well-documented as in "Intel have released all the details of the management engine and other similar components, and we trust them to be complete?"
Or as in "researchers have comprehensively reverse-engineered the billion-transistor silicon, and to the best of their knowledge there are no additional backdoors to be found?"
I'm not sure either of those fills me with much confidence.
I'm not sure either of those fills me with much confidence.
Right on -- at one point, evidence of one backdoor would have been taken as strong indication there are others. Have we actually reached a point where cheap is that much more important than secure, to a point where the industry is willing to purposefully turn a blind eye to these things to maintain the illusion?
Oh, right, IT. This is just another way for the PHB to under-spec kit and make the beancounters happy. Too bad the GDPR doesn't make the PHBs that sign off on this kind of thing personally liable for the predictable consequences.
I said x86 (the architecture), not Intel CPUs themselves. Your question was about how the choice of architecture could affect backdoor presence.
Backdoors could be built in any hardware including open-source hardware. You have to have perfect control of the supply chain, from the individual silicon wafers, even the machinery used to cut and process the wafers, to the couriers transporting your finished CPUs. An impossible amount of control, plain and simple, even for nation-states.
Same goes for software. You have to write your own assembly code if you want to be 100% guaranteed to be free of backdoors.
As far as it's known from Intel documentation, Intel MEI loads its firmware from an SPI chip on the motherboard, the same one that holds the BIOS/UEFI.
This project's whole point is to keep only a minimum of MEI components that would still permit the CPU to boot (while obliterating ME functionality).
If the objective is to build something free of backdoors in the CPU, wouldn't you base it on OpenRISC, or at least ARM?
Strange choices. The two leading open ISAs today are RISC-V and Power, and both are already usable for low compute power tasks in FPGA. The latter does have nice server / desktop chips available too, unlike the ARM server chips that always seem to come with IME equivalents. Agree with the general sentiment though, Intel (or AMD) and security do not belong in the same sentence unless the word "vulnerability" is also used.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
