Hugo Landau has written a blog post about why Intel will never let hardware owners control the Management Engine. The Intel Management Engine (ME) is a secondary microprocessor ensconced in recent Intel x86 chips, running an Intel-signed, proprietary, binary blob which provides remote access over the network as well as direct access to memory and peripherals. Because of the code-signing restrictions enforced by the hardware, it cannot be modified or replaced by the user.
Intel/AMD will never allow machine owners to control the code executing on the ME/PSP because they have decided to build a business on preventing you from doing so. In particular, it's likely that they're actually contractually obligated not to let you control these processors.
The reason is that Intel literally decided to collude with Hollywood to integrate DRM into their CPUs; they conspired with media companies to lock you out of certain parts of your machine. After all, this is the company that created HDCP.
This DRM functionality is implemented on the ME/PSP. Its ability to implement DRM depends on you not having control over it, and not having control over the code that runs on it. Allowing you to control the code running on the ME would directly compromise an initiative which Intel has been advancing for over a decade.
(Score: 2) by Unixnut on Tuesday July 24 2018, @08:46AM (2 children)
I would not use a system that tries to control, deny my instructions and generally boss me around.
I mean, think about it: if you care about freedom and security enough to never ever connect your PC to a network and only deal with USB sticks as your interaction, why on earth would you go through all that effort, and deal with all the inconvenience, and then stick to a software system that tells you what you should do, and denies you control unless you submit to its instructions?
Ideally, if you want security and control, you have to apply it to the entire stack, from the silicon to the end-user app.
Also, I would not recommend USB sticks; after all, an entire class of viruses developed that spread by floppies, and in theory a nefarious backdoor could just use your USB stick for compromising you. Not sure what would be a good way for communication; I would probably go back to the old RS232, with custom (and limited) command sets. It is a low-level, simple and rugged enough system that it would be hard to find underlying security holes in, at which point your security is as good as the terminal server you write/use on the other end of the line.
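The "custom and limited command set over RS232" idea from the comment above, as an added example that is not part of the thread and not anyone's product: a line-oriented protocol whose entire grammar is one regular expression and a four-entry command table, with a bounded receive buffer so an over-long frame can neither grow memory nor reach the dispatcher. The verbs, frame format and size limits are assumptions chosen for illustration; reading bytes from a real serial port (for instance with pyserial) is omitted so the example runs offline on constructed traffic.

```python
"""Added example: a deliberately tiny, allowlisted command protocol for a serial
(RS232) link. Not code from the thread or from any product; the command set,
frame format and size limits are assumptions chosen for illustration."""
import re

MAX_LINE = 64   # bytes per frame, terminator included: bounds attacker-controlled input
MAX_KEYS = 16   # bounds the memory a remote peer can make us hold
# Grammar: an upper-case verb, then zero or more short ASCII tokens. Nothing else.
FRAME_RE = re.compile(rb"^[A-Z]{2,8}(?: [A-Za-z0-9_.-]{1,32})*$")


class ProtocolError(ValueError):
    """Any deviation from the grammar or the command table."""


def parse_frame(line: bytes):
    """Return (verb, args) for one well-formed frame, else raise ProtocolError."""
    if len(line) > MAX_LINE:
        raise ProtocolError("frame too long")
    if not line.endswith(b"\r\n"):
        raise ProtocolError("missing terminator")
    body = line[:-2]
    if not FRAME_RE.fullmatch(body):
        raise ProtocolError("malformed frame")
    verb, *args = body.decode("ascii").split(" ")   # ASCII is guaranteed by the regex
    return verb, args


# --- the entire command set; anything not in this table is rejected ----------
def _ping(store):
    return b"PONG"

def _get(store, key):
    if key not in store:
        raise ProtocolError("no such key")
    return store[key].encode("ascii")

def _put(store, key, value):
    if key not in store and len(store) >= MAX_KEYS:
        raise ProtocolError("store full")
    store[key] = value
    return b"STORED"

def _list(store):
    return " ".join(sorted(store)).encode("ascii")

COMMANDS = {          # verb -> (exact argument count, handler)
    "PING": (0, _ping),
    "GET":  (1, _get),
    "PUT":  (2, _put),
    "LIST": (0, _list),
}


def handle_frame(line: bytes, store: dict) -> bytes:
    """Validate, dispatch and answer one frame; errors become ERR replies, never crashes."""
    try:
        verb, args = parse_frame(line)
        if verb not in COMMANDS:
            raise ProtocolError("unknown command")
        arity, fn = COMMANDS[verb]
        if len(args) != arity:
            raise ProtocolError("bad argument count")
        return b"OK " + fn(store, *args) + b"\r\n"
    except ProtocolError as exc:
        return b"ERR " + str(exc).encode("ascii") + b"\r\n"


def run_session(stream: bytes, store=None) -> list:
    """Feed bytes one at a time, as they arrive from a serial port, and collect replies.

    The receive buffer never grows past MAX_LINE: an over-long frame is discarded
    up to its terminator and answered with a single error."""
    store = {} if store is None else store
    replies, buf, overflow = [], bytearray(), False
    for b in stream:
        buf.append(b)
        if buf.endswith(b"\r\n"):
            replies.append(b"ERR frame too long\r\n" if overflow else handle_frame(bytes(buf), store))
            buf.clear()
            overflow = False
        elif overflow or len(buf) > MAX_LINE:
            overflow = True
            del buf[:-1]          # keep only the last byte so a split "\r\n" is still seen
    return replies


# Constructed sample traffic: valid commands mixed with the kind of input a hostile peer might send.
SAMPLE_SESSION = (
    b"PING\r\n"
    b"PUT mode safe\r\n"
    b"GET mode\r\n"
    b"GET nope\r\n"
    b"rm -rf /\r\n"            # not in the grammar: rejected before any dispatch
    b"PUT a b c\r\n"           # valid syntax, wrong argument count
    b"\x1b[2J\r\n"             # terminal escape sequence: rejected as malformed
    + b"A" * 100 + b"\r\n"     # over-long frame: dropped, one error reply
    + b"LIST\r\n"
)

if __name__ == "__main__":
    for reply in run_session(SAMPLE_SESSION):
        print(reply.decode("ascii").rstrip())
```

The point of the design is that the attack surface is exactly what you can read on the page: one regex, one table, one buffer limit. Adding a command means adding a table row, and nothing the peer sends can reach a handler without first matching the grammar and the declared argument count.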
(Score: 3, Insightful) by fyngyrz on Tuesday July 24 2018, @10:03AM
With an axe.
(Score: 2) by fyngyrz on Tuesday July 24 2018, @10:05AM
ugh, sorry, replied to wrong message. Coffee!