A Guide on Your Options for non-x86 Computers (2017)

Additional operating system/hardware discussion (Windows, Linux, *BSD and others)
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
User avatar
guardian452
Donor
Donor
Posts: 3331
Joined: Tue Aug 21, 2007 10:12 pm
Location: Kentucky, United States
Contact:

Re: A Guide on Your Options for non-x86 Computers (2017)

Unread postby guardian452 » Thu May 04, 2017 7:58 pm

So there was a big hubbub about the ME this week. https://twit.tv/shows/security-now/episodes/610

Since my laptop doesn't have the vPro processor (i7-6500u), doesn't have a built-in ethernet jack (there is one in the dock, through a TB3 bridge etc....), an aftermarket wifi chip, etc, I assume I am pretty well safe. I ran the Intel ME check and I got Error 9260: Unknown or unsupported hardware platform. It's hardly available on "every" PC.

It sounds like the issues come through the use of "professional" PC hardware meant for datacenters etc or large IT centers that require these special remote management features.
INTEL-SA-00075 wrote:This vulnerability does not exist on Intel-based consumer PCs.
Apparentl the machines you or I would buy, Joe Public, don't have this feature in the first place.


It also sounds like a sure way around this problem is to use an AMD system (they still exist :?: :idea: )

Added: Had a look in my BIOS to see, yup, there really is no ME here... (also, apparently phpbb doesn't know how to rotate images properly, LOL. but full screen it is fine)
Attachments
DSC_0290.JPG
Last edited by guardian452 on Thu May 04, 2017 8:35 pm, edited 1 time in total.

User avatar
Raion-Fox
Donor
Donor
Posts: 1225
Joined: Thu Jan 30, 2014 5:01 pm
Location: near King George, Virginia
Contact:

Re: A Guide on Your Options for non-x86 Computers (2017)

Unread postby Raion-Fox » Thu May 04, 2017 8:35 pm

guardian452 wrote:It sounds like the issues come through the use of "professional" PC hardware meant for datacenters etc or large IT centers that require these special remote management features. Our thinkpads at work probably have this even tho we've never used it... would disable it if I could


Not quite. The ME exists on every Intel system since 2008, besides some Atoms, but the role of it is different. The bug here was with the AMT. I ran me_cleaner on my machine to prevent it from being hacked. Unfortunately, the wider world is a bit confused on the issue.

guardian452 wrote:It also sounds like a sure way around this problem is to use an AMD system (they still exist :?: :idea: )


If you get a Bulldozer or before, then yes. But the newer AMDs have the PSP, and while AMD has talked about open sourcing it, it wouldn't solve the problems with it, as they're likely to embed microcode images and still not give out a signing key, so its not like we could disable or replace it.

me_cleaner on a Broadwell or before system is the best option, but make sure its compatible with your machine before you brick something.
:O3x02L: R16000 700MHz 8GB RAM kanna
:Octane: R12000 300MHz SI 896MB RAM yuuka
:Octane2: R12000A 400MHz V6 2.5GB RAM
:Indy: (Acclaim) R4600 133MHz XL Graphics 32MB RAM
:Indy: (Challenge S) R4600 133MHz (MIPS III Build Server)
:O2: R10000 225MHz 256MB RAM 15k 147GB HDD suzuha
Thinkpad W530 i7 3940XM 3GHz, 32GB, K1000M FreeBSD 11/Windows 7 rin
Acer Aspire 5157 (headless) 4GB, FreeBSD 11 kuran
Thinkpad R40 Pentium M 1.5GHz 2GB RAM kasha


Return to “Miscellaneous Operating Systems/Hardware”

Who is online

Users browsing this forum: No registered users and 1 guest