Stories
Slash Boxes
Comments

SoylentNews is people

Purism Disables Intel Management Engine on Librem Laptops

posted by martyb on Sunday October 22 2017, @04:42PM   Printer-friendly
from the hold-my-beer,-I-wanna-be-free dept.

takyon writes:

Purism Disables Intel ME On Its Privacy-Focused Librem Laptops

Purism, a startup that aims to develop privacy-focused devices, announced that it has now disabled Intel's Management Engine (ME). The company, and many privacy activists, believe that because Intel's ME is a black box to the user, it could hide backdoors from certain intelligence agencies. Alternatively, it may contain vulnerabilities that could even be unknown to Intel, but which might still be exploited by sophisticated attackers to bypass the operating system's security.

[...] The Librem laptops use Coreboot firmware, which is an open source alternative to BIOS and UEFI for Linux. The company said that using Coreboot is one of the primary reasons why they were able to disable Intel ME in the first place. Coreboot allowed them to dig down on how the processor interacts with this firmware and with the operating system.

Purism had already "neutralized" the Intel ME system on its Librem laptops, which essentially meant that the mission-critical components of Intel ME were removed. However, this could still cause some errors, because the Intel ME would still be "fighting" Coreboot's attempt to neutralize it. With the new method that disables it, the Intel ME can be shut down gracefully. Purism's laptops will continue to support both methods for extra security, just in case the Intel ME is able to "wake-up" somehow, after it's disabled.

[...] Both Librem 13 and Librem 15 laptop models will now ship with Intel ME disabled by default. Customers who have purchased the older Librem laptops will also receive an update that will disable Intel ME on their systems.

Related: Purism Exceeds $1 Million in Funding for Librem 5 Linux-Based Smartphone
How-To: Disabling the Intel Management Engine

Original Submission

 
This discussion has been archived. No new comments can be posted.
Purism Disables Intel Management Engine on Librem Laptops | Log In/Create an Account | Top | 29 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Sunday October 22 2017, @07:23PM

    by Anonymous Coward on Sunday October 22 2017, @07:23PM (#586016)

    From everything I've heard, minecraft is a bigger cpu hog, before including mods and addons and other items.

    That said, the VC4 in the Pi, while good enough to render some semi-modern games, just doesn't have the throughput required to run anything complex above 640x480 at an acceptable framerate. It is either 20 or 40GFlops of peak performance, which for reference is about the same performance as the AMD 760G chipset's Radeon HD3000(3100?) IGP, only with half to a quarter the memory bandwidth (depending on your AM2/3 cpu) and a simpler opcode set, reducing both features and real world peak performance.

    Having said that: Broadcom, via the VC4, at least until the VC5 comes out with the same sort of mandatory signing as AMD and Nvidia now have, is actually the MOST OPEN 'generally programmable' GPU hardware available today. The Vivante and Adreno aren't bad either, but given the difference in availability, the RPi/VC4 can be found in almost any electronics store today and there is almost complete firmware for initializing it openly. With Vega, AMD has closed that door in both the cpu and gpu, making the Pi actually the more open and potentially secure device. It may turn out NOT to be, but just based on the ability to change code if a security exploit IS ever detected, it is already much better.