You are viewing a single comment's thread.

view the rest of the comments →

0
10

[–] greyhat399321 0 points 10 points (+10|-0) ago  (edited ago)

For older intel chips, the ME can be completely neutered using Libreboot or Coreboot - IBM Thinkpads and others are popular targets. I believe the 13 inch Pureism laptop also supports it, and has the added benefit of physical switches to turn the camera, mic, and blutooth/wifi off.

It really is too bad to see that the POWER8 talos project didn't make it. I hope that the newer RISC projects succeed in the future.

Another standalone tool for newer Intel Chips, me_cleaner, is now available too. Aside from standalone use on Linux/BSD users' machines for privacy, coreboot/libreboot have also adopted it to take their fully open source bios/efi replacement into the future for newer hardware. To use me_cleaner, you have to extract your CPU's microcode, either directly or from a bios update. Then, you run me_cleaner to modify the intel microcode inside, and proceed and flash to the CPU with the bios update, or using the built in functionality the Linux kernel has, which can re-flash the microcode every boot if you want it to.

More recently, AMD has expressed open sourcing their PSP (backdoor like ME) as a potential option.

Relevant info below.

Other things to remember are that despite all this, hard drive/ssd controllers, mouse/trackpad/periphrial/misc chips and controllers all still run proprietary blobs. Likewise implants exist that aren't really perceptible to the naked eye. Furthermore, with airgap expoits varying from USB/cdrom based exfiltration, to infrasound and EM based exfiltration (and encryption key stealing out of the air this way), there's nothing truly safe, but there certainly is "safer"

Another consideration should be that there's no such thing as privacy with a mobile phone or anything using cell networks even if you ignore dirt boxes and fake towers...aside from triangulation nobody owns the baseband processor, except for the manufacturer and the governments...and wifi can be used to track people even without devices as now 2.4 ghz signals can be used to generate 3d renderings of people moving around...

It may all sound tinfoil-hatty but it is sadly true.

0
0

[–] Tancred 0 points 0 points (+0|-0) ago 

Is there a potential for bricking your CPU when you flash the microcode? (I didn't even know you could do that)

0
0

[–] greyhat399321 0 points 0 points (+0|-0) ago 

Very doubtful at this point in time, as long as you have a cpu listed on the status page as supported. You're more likely to brick your motherboard if you use the bios method, but this method is nice as you can remove the TCP/IP stack from your UEFI bios, amongst other nasties if they are there like computrace, too.