On 23-11-15 at 10:47, mkesper wrote:
Hi Paul,
On 2015-11-22 at 15:22, Paul van der Vlis wrote:
Maybe I will show Intel AMT. That's a dangerous feature in Intel CPUs. You can completely control a machine with it, bypassing the operating system. Even when the machine is "off".
Great show! There is nothing you can do against that one, right
On some older machines it's possible, e.g. by using libreboot. But in newer machines it's in the processor itself.
It's not certain that you can really turn the “provisioning” mechanisms off. There are mechanisms to configure devices remotely.
And there are public bugs in it, see e.g. this: https://support.lenovo.com/us/en/product_security/len_3556
(short of buying hardware not featuring it)?
How do you know for sure the hardware does not feature it? I do not trust Intel processors anymore.
And I've heard AMD is also working on something like this (but maybe better). Some names: SIMFIRE, DASH, DMTF.
But I also think this is unacceptable for many organisations, so maybe it will open eyes to the dangers of closed hardware. In hardware you can do everything that you can do in software.
With regards, Paul van der Vlis.