If someone has physical access to the computer would the IME neutralization / disabling etc… be reversible ?
Also, does a properly functioning IME (in any way whatsoever) make it easier for someone with physical access to the computer to bypass ssd full disk encryption (let’s assume the best encryption available) ?
absolutely, one could flash a firmware image with non-disabled ME firmware and it would function as normal.
no, there’s no difference whatsoever, since the ME isn’t used to seed the encryption key
makes sense to ask in the context of these proposed anti-privacy laws that are popping up more and more lately …
Thanks for the quick response. So for a solid privacy setup the idea would be to have a Librem computer to guard against remote access and then combine with ssd full disk encryption in case someone gains physical access (maybe add Librem key too)?
Those are the two main “armors” right ? I know you can also add firewall / router defenses but is there anything else one can do that has as big an effect as combining IME disabling / neutralization and encryption?
BIOS and EC flash chip write protection with a hardware switch: