63 comments

[ 2.5 ms ] story [ 122 ms ] thread
My second thought on reading this was how can a server be PCI compliant with Intel management engine installed? but a quick search shows that Intel have thought of this: http://www.intel.co.uk/content/dam/www/public/us/en/document...

My first thought was that it seems increasingly clear that Stallman has been right all along.

> My first thought was that it seems increasingly clear that Stallman has been right all along.

The problem is that being philosophically right doesn't always mean being practically right. In order to create the perfect Stallman-esque machine, one would have to design everything from the logic chips up from scratch, because in the end, no third party can be trusted. He says this himself about the Loongson system he uses daily; he considers it a compromise but one heavily weighted in his favor.

In short, Stallman has been right all along, but there's little we can do about it from a practical standpoint.

We can certainly do a lot better than this, an attitude of "unless its perfect its futile to even try" is defeatist bullshit, and not what Stallman endorses at all.
> "unless its perfect its futile to even try"

I didn't say that. I said there's little we can do, not nothing we can do. And there are people, Stallman and others, who are doing something. I'm simply acknowledging that it's a mountain, not a foothill.

(comment deleted)
(comment deleted)
there's plenty we can do. Bunnie's Novena laptop is a great example of moving in the right direction. It all depends on speed I guess; you could have a completely open hardware laptop using an FPGA, but speed would be an issue for sure
The Novena has a quad-core Cortex A9 as well as the FPGA. A lot of people who buy it probably won't use the FPGA at all. In fact, the Spartan-6 FPGA might have more secrets than the CPU.
rms doesn't have the Loongson netbook anymore, he rolls with a Gluglug X60 now I believe.
Thanks for that, I'll have to look into that device and see what it's all about.

Edit: So it's an off the shelf Thinkpad X60 with fully open source software? I thought that was something he was wary of, given his stance on Intel's partially closed designs. Also, wouldn't the TPM chip be an obstacle given the privacy concerns surrounding it raised by RMS himself?[1] From what I saw from the gluglug website, there is no mention of removing or disabling the TPM module, though I suppose one could remove it from the board themselves after purchase.

[1]: https://www.gnu.org/philosophy/can-you-trust.html

From my understanding, you can disable the TPM by removing the kernel driver and any other drivers. The X60 is the last Thinkpad model in which it lives in a separate chip.
Is it really disabled though? The hardware is still there unless you extract the chip itself. For example, Intel's AMT exists at a level so far below the software and UEFI/BIOS that you can have just power and Ethernet/wifi plugged into the board, and it will "phone home" if it is configured to. Boards with GSM modules can even be controlled remotely via SMS commands.

I realize that TPM and AMT are completely different animals, but AMT shows us that a low level "security" device on board can potentially mean compromised privacy and loss of control.

The TPM can be fully controlled by the user (or ignored altogether).

Much misinformation about the TPM stems from the Anderson paper, which mixed up real TPM implementation and then-future Palladium concepts and claimed that this all runs in contemporary TPM chips.

In reality, TPM is a chip with (rather slow) crypto functionality and a reasonable secure storage whose content can be "sealed" to certain system states. That state information is pushed to the TPM by the host system, since the TPM is a fully passive component. (Exception: new Intel chipsets feature 'Boot Guard' where the chipset pushes some root trust information to the TPM in a way that code on the CPU can't modify - but the TPM is still passive)

If you control the firmware, you can build a reasonably secure environment using the TPM. But coreboot (or its libreboot distribution) by default don't even do that with the TPM.

one would have to design everything from the logic chips up from scratch

You mean like http://www.greenarraychips.com/home/products/index.html ?

Stallman's endorsement of Chinese hardware illustrates tho' that he values software freedom over, y'know, political freedom, which puts him on dodgy ground IMHO.

> Stallman's endorsement of Chinese hardware illustrates tho' that he values software freedom over, y'know, political freedom, which puts him on dodgy ground IMHO.

Show me a laptop or desktop computer not made wholly in China, or at the very least, containing a majority of parts not made in China, and you might have an argument here. The fact of the matter is, non-Chinese-made hardware meeting all of his requirements is scarce to the point of extinction. Maybe (maybe!) a couple of Korean phones and tablets have no DRM, no NDAs attached, no hidden features, no binary blobs required for full utilization.

Or in other words, if you're so worried about political freedom, you'd best throw out that smartphone, that laptop, that desktop, that gaming console, that car stereo, and so on. Dodgy ground indeed, isn't it?

And even those Korean phones and tablets are probably built in the Kaesong Industrial Region, more or less directly helping North Korea.
> The problem is that being philosophically right doesn't always mean being practically right.

"Practical" is a code word people use to mean whatever is convenient for them or is on their agenda. You can use the argument "that's just not practical!" with whatever evidence you can come up with as an objection to almost anything, which makes it a poor argument. That's why we need unambiguous and objective philosophical positions to make decisions in specific circumstances.

What you're really saying is that working against the development of surveillance and control technologies by private capital and government decision makers is hard and so is not "practical."

> "Practical" is a code word people use to mean whatever is convenient for them or is on their agenda.

I don't see it as a "code word", I see it as it is defined: In practice, as opposed to in theory. And I don't have an agenda, I'm just making an observation.

> What you're really saying is that working against the development of surveillance and control technologies by private capital and government decision makers is hard and so is not "practical."

No, I'm not saying that at all; you're putting words in my mouth that I never uttered. I'm simply saying that in theory, fully Free and Open Source methodology is the best way to ensure that we live fully Free digital lives. In practice this is difficult (but not impossible) to achieve, and it certainly is worth striving for.

I'm not saying you don't have a valid viewpoint, but you don't have to make up your own version of what I said and attribute it to me to make your point. You can argue on your own merits and not resort to grade school tactics (at least I hope you can).

> In practice this is difficult (but not impossible) to achieve

Why? Without going looking at particular FLOSS situations, this is just defining the word "practice" to mean "difficult to achieve." In "practice," Linux on mobile phones was difficult in 2007 and is easy today.

> I'm not saying you don't have a valid viewpoint, but you don't have to make up your own version of what I said and attribute it to me to make your point. You can argue on your own merits and not resort to grade school tactics (at least I hope you can).

I'm not arguing with you, I am pointing out that your assumptions are vague and your conclusions circular. There is not a single "practice" that just happens to be some bad guy opposing FLOSS because he hates your freedoms.

Is Linux on the phone a good thing? Android benefits a tremendous amount from Linux but at the same time Android phones are locked down black boxes with huge privacy risks.

So it's one step forward for FLOSS practice, two steps backward for privacy theory.

People accuse Stallman of being impractical, but stricter adherence to theory (GPLv3) would have prevented the practical problems of locked bootloaders on Android phones.

It's not as simple as saying "theory easy, practice hard."

> There is not a single "practice" that just happens to be some bad guy opposing FLOSS because he hates your freedoms.

And once again, that's something I never said, nor inferred. I won't continue to have a discussion with someone who insists on twisting words and making up shit to chase an ever-changing point of view. I stand by what I actually said: 100% Free and Open Source software is a noble ideal and a powerful tool in the fight for digital freedoms, but in reality it's difficult (but not impossible) to achieve such a state. No matter what, we must continue to strive for that goal.

Your words:

>100% Free and Open Source software is a noble ideal and a powerful tool in the fight for digital freedoms, but in reality it's difficult (but not impossible) to achieve such a state.

>In practice this is difficult (but not impossible) to achieve

sedachv's words:

> What you're really saying is that working against the development of surveillance and control technologies by private capital and government decision makers is hard and so is not "practical."

Those look like exactly the same statement to me.

>> There is not a single "practice" that just happens to be some bad guy opposing FLOSS because he hates your freedoms.

>And once again, that's something I never said, nor inferred.

...that sentence is not accusing you of saying that practice is a person. sedachv is pointing out that practice is not a coherent whole, that's all.

I don't know why you're accusing sedachv of twisting words. sedachv 'merely' accused you of being intellectually lazy for using difficulty to declare something as not practical.

It's pretty simple: He's accusing me of having given up, whereas I've been saying all along that we should continue to fight the good fight and not give up. He says:

> What you're really saying is that working against the development of surveillance and control technologies by private capital and government decision makers is hard and so is not "practical."

-- when I never once said that. His words imply that I said I gave up, and I never did, in fact quite the opposite.

Maybe he takes issue with the fact that I acknowledge that it's a difficult fight, not an easy one, but whatever. I said what I came to say and I stand by it.

> Maybe he takes issue with the fact that I acknowledge that it's a difficult fight, not an easy one, but whatever.

Let me repeat this for the third time: the only thing I object to about your original post is the use of the cliche "it's not practical!" argument.

Saying "it's difficult" is one thing, because the obvious next question is "what makes it difficult?" Saying "it's not practical" is a lazy way to shut a conversation down and by implication accuse whoever is advocating the "impractical" point of view of having a poor grasp of reality.

Why would the newest version of the ME use SPARC ISA? Does someone out there need register windows?
Where did everyone get SPARC from? The slides clearly say ARC, not SPARC.
slide 16 and 50
Different versions of this slideshow have different information. The table titled "ME Core Evolution" (slide 15/16), for example, shows two generations in the version on slideshare, but three generations in the PDF on recon.cx. There is also more discussion of the SPARC architecture in the PDF version.

I did wonder if SPARC refers to the Sun architecture, or if it's an evolution of ARC that simply collides with the other name. He doesn't mention having successfully disassembled any of the BayTrail/TXE versions' firmware yet.

From the pdf version linked at: https://news.ycombinator.com/item?id=8813925

The author clearly believes it's SPARC in Bay Trail, since he seems surprised by it. A coincidence does seem pretty likely but you'd think Oracle would object.

SPARC is maintained by SPARC International, so Oracle doesn't have too much to say about that.

However, Intel isn't part of that group (at least according to the website), and that doesn't fit their MO when adopting external technology.

Wow. SPARC and Java, two things you wouldn't ever expect Intel hardware to ship with! The mention of SOAP-based protocols is also rather surprising, since they have rather high overhead, and this means ME is not just a little 8051-class MCU but almost a fully-featured PC itself...

The amount of complexity - and the opportunities to hide things in that - has increased so much compared to earlier PCs that in some ways I think the development of computer systems is headed on a rather treacherous path. When systems are so complex that no single person can understand them entirely, it's easier to make them behave against their owner's will.

Do fewer people know how to write SPARC shellcode than x86?
Fortunately, a number of non-PC systems exist (one is probably in your pocket).
What, SPARC and Java in Intel motherboards? Is this some elaborate gag on Sun/Oracle? I hope they'll demo it by running Solaris there for good measure.
ARC, not SPARC. Did the title on HN say "SPARC" originally or something? Because the slides never mentions SPARC, they discuss ARC, an embedded ISA.
ARC[1], not SPARC. It evolved from the SuperFX chip used in some SNES games.

[1]: http://en.wikipedia.org/wiki/ARC_International

The earlier ME versions used an ARC. The later ones use a SPARC.

Look at slide 50.

Slide 16 says that ME v1.x used an ARCTangent-A4 and that ME v2.x uses an ARC 600.
Take a look at the PDF version on recon.cx linked by jesrui— it's substantially different from the slideshare version in a few places, notably that it talks about a third generation (Bay Trail TXE) which uses SPARC and drops the pesky Huffman coder entirely in favor of LZMA.
tldr: Intel's remote management capabilities are obscurely baked into every chipset. The ME has out of band access to the network card and main memory. Since ME also has its own flashable memory in principle a machine could be compromised in a nearly undetectable way. The presentation shows that a lot of interesting details of ME have been brought to light but it has also withstood a first round of attacks. No rootkit has yet been shown to be practical.
what an unlikely coincidence. amazing what nature can come up with without any sort of plan or guidance. :)
It just has to be a matter of time until it is cracked. I am surprised Intel did this.
My guess is that this was requested and passed by without fully understanding the consequences.
Lets just hope that intel security teams are better than Sony Pictures' ones.

After the sony hack ... lets say that I feel less secure about anything.

What was exceptional about the Sony hack? Lots of companies have been owned due to various oversights.
The scope. They almost reached to "be able to destroy the company" scale.
"Can be active even when the system is hibernating or turned off (but connected to mains)"

On top of the security issues, it seems Intel owes a lot of people some reimbursements for their share of the power bill. Unfortunately, I suspect this theft of electricity will be quietly swept under the rug and forgotten about.

Is it part of vPro or available in every cpu? Can it be disabled like TSX?
The ME is on _every_ CPU, and you can't easily disable it (there are ways, but it's unclear how much really shuts down, and you might lose power management features).

vPro is merely the larger ME firmware: The small one is 1.5-2MB, the vPro one is 5-7. A non-vPro mainboard probably comes without a SOAP-capable webserver (although I wonder what they need 1.5MB of code for), but the chip to run it is all there.

Oh no. I thought I could select the right chip like you can do to dodge TSX and HT.

What if I get an AMD CPU? Do those also have an IPMI in disguise inside the CPU package wired to a network interface?

> What if I get an AMD CPU? Do those also have an IPMI in disguise inside the CPU package wired to a network interface?

AMD implements something similar with DASH in some of its APUs: http://www.amd.com/Documents/out-of-band-client-management-o...

On page 10 in that PDF it says:

> DASH support is available in numerous client platforms, including the HP Elitebook 700 series, HP EliteOne 705, HP EliteDesk 705 Mini, HP EliteDesk 705, HP 6305 and Lenovo M78 ThinkCentre. Support is also available in management consoles, including the Symantec/Altiris Client Management Suite v7.5, and Microsoft System Center Configuration Manager (SCCM)*.

The interesting thing is that they refer to NIC vendors all the time - as if that feature is integrated with the ethernet controller (plus some help of the chipset to keep it alive when everything else is off).

However AMD has its own share of extra processors within the CPU and chipset, of which we (at coreboot) know of at least two: SMU and IMC. The firmware for both is still measured in kilobytes, and they seem to have limited access to hardware resources. (for SMU, see http://media.ccc.de/browse/congress/2014/31c3_-_6103_-_en_-_...)

Newer chipsets (than kaveri/kabini) come with TrustZone (that ARM stuff) and a "Platform Security Processor", which indicates that there's at least one new processor, likely ARM based.

Good to know I can freely choose between AMD and Intel chips then. Let's hope lowRISC doesn't implement a similar attack vector.
The real question is, what happens if you flash a custom BIOS that just ignores the ME?

Intel chips up to (I think) 2006 would happily boot without the ME enabled ("ME optional").

Intel's newer chipsets have a watchdog in the ME hardware which will reset the main CPU if the ME is not initialized by the BIOS ("ME mandatory").

Combined with the as-of-yet unbroken RSA signature on any ME firmware, this has some pretty astounding implications.

My last few computers have used AMD chips. I think I will stick with those.
As noted in another comment AMD has something similar.