SoylentNews is people

posted by martyb on Sunday October 22 2017, @04:42PM
from the hold-my-beer,-I-wanna-be-free dept.

Purism Disables Intel ME On Its Privacy-Focused Librem Laptops

Purism, a startup that aims to develop privacy-focused devices, announced that it has now disabled Intel's Management Engine (ME). The company, and many privacy activists, believe that because Intel's ME is a black box to the user, it could hide backdoors from certain intelligence agencies. Alternatively, it may contain vulnerabilities that could even be unknown to Intel, but which might still be exploited by sophisticated attackers to bypass the operating system's security.

[...] The Librem laptops use Coreboot firmware, which is an open source alternative to BIOS and UEFI for Linux. The company said that using Coreboot is one of the primary reasons why they were able to disable Intel ME in the first place. Coreboot allowed them to dig down on how the processor interacts with this firmware and with the operating system.

Purism had already "neutralized" the Intel ME system on its Librem laptops, which essentially meant that the mission-critical components of Intel ME were removed. However, this could still cause some errors, because the Intel ME would still be "fighting" Coreboot's attempt to neutralize it. With the new method that disables it, the Intel ME can be shut down gracefully. Purism's laptops will continue to support both methods for extra security, just in case the Intel ME is able to "wake-up" somehow, after it's disabled.

[...] Both Librem 13 and Librem 15 laptop models will now ship with Intel ME disabled by default. Customers who have purchased the older Librem laptops will also receive an update that will disable Intel ME on their systems.

Related: Purism Exceeds $1 Million in Funding for Librem 5 Linux-Based Smartphone
How-To: Disabling the Intel Management Engine


This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Interesting) by https on Sunday October 22 2017, @08:21PM (3 children)

    by https (5248) on Sunday October 22 2017, @08:21PM (#586041)

    Systemd originators have acknowledged that they won't make any didactic documentation available. Well, not literally said so, but actions are pretty loud. The only available docs are post-hoc by third parties, and you have to be careful of the dates on them because...

    They openly admit to having no fixed design.

    Can you tell me why I should waste any more than one minute studying something like that?

    --
    Offended and laughing about it.
  • (Score: 5, Insightful) by jmorris on Sunday October 22 2017, @09:30PM (2 children)

    by jmorris (4844) on Sunday October 22 2017, @09:30PM (#586059)

    No, that is old news. They did at least get the message about proper documentation. You don't have to follow Poettering's blog anymore to know how it works, there are manpages and stable webpages. Gotta give credit where due, if only from a purely selfish desire to make my objections to the concept informed ones. Because I don't care how documented it is, I don't even care if it eventually 'works' (for some value of works) because the idea is defective and abhorrent. I don't want Windows Service Manager ported in, even if Poettering's misfits manage to implement it better than Microsoft's code monkeys.

    • (Score: 2) by bart on Monday October 23 2017, @06:51PM

      by bart (2844) on Monday October 23 2017, @06:51PM (#586486)
      I very recently downloaded the systemd source code from github just to have a look, and am appalled by its lack of source code documentation.
      Hardly any of its files or functions or structs have any explanation whatsoever of their purpose. Something like doxygen, Redhat never heard of obviously.
    • (Score: 2) by gawdonblue on Tuesday October 24 2017, @06:46AM

      by gawdonblue (412) on Tuesday October 24 2017, @06:46AM (#586747)

      I fuckin' hate systemd. It's made two of my machines unbootable, or perhaps infinitely rebootable is a better description. Small issues that would have resulted in a meaningful error message and perhaps some reduced functionality under previous init systems now prevent the whole system from booting.

      For example, my laptop will boot from any non-systemd live CD but as soon as a systemd-infected distro is tried the whole thing goes into berserker mode.

      Poottering is either an idiot or is working for Microsoft. Systemd is fuckin shite and should be shoved up that stooge sideways.

      (Sorry about the swearing, but I've just learnt that my workplace is now using Microsoft's SAAS shit and has signed me up without asking me if I agree, including to the so-called privacy policy which gives MS carte-blanche. Fucking idiots.)