Ask HN: Most open / secure firmware on a laptop?
> One subcomponent stored within the UEFI firmware is the Intel Management Engine (ME) firmware. The ME—a separate processor and subsystem within Intel chips—is used primarily for audio and video copyright protection on a Mac that has only Intel-based graphics. To reduce this subcomponent’s attack surface, an Intel-based Mac runs a custom ME firmware from which most components have been removed. Because the resulting Mac ME firmware is smaller than the default minimal build that Intel makes available, many components that have been the subject of public attacks by security researchers in the past are no longer present. [2]
This statement sounds similar to the functionality provided by this tool: https://github.com/corna/me_cleaner.
I'm wondering what the community recommends / uses for their own personal laptop hardware. I've seen efforts from Purism [3], System76 [4], Starlabs [5] to make use of Coreboot [6], but AFAIK these efforts aren't able to neuter Intel ME at the level of an Thinkpad x200 [7] with Libreboot [8]. Is there reason to believe that the M1 firmware in the new MacBooks has less vulnerabilities?
What is your preferred laptop?
[1] https://en.wikipedia.org/wiki/Intel_Management_Engine#Security_vulnerabilities
[2] https://www.apple.com/ca/business/mac/pdf/aaw-platform-security.pdf
[3] https://puri.sm/
[4] https://system76.com/
[5] https://starlabs.systems/
[6] https://en.wikipedia.org/wiki/Coreboot
[7] https://minifree.org/product/libreboot-x200/
[8] https://en.wikipedia.org/wiki/Libreboot
0 comments
[ 2.6 ms ] story [ 7.4 ms ] threadNo comments yet.