Hey everyone! I am wondering if the backdoors mentioned in the title are fully blocked. Like, is there even a 1% chance that they could use Radio Frequencies and the CPU backdoor trick. Also, are any other components known to have this?
x86 and Linux are backdoor enablers; however, Purism_Technologies tries to slow down these backdoors.
Yeah, but to what extent did they block it?
Purism PCB layouts, dedicated controller, dedicated software, dedicated firmware.
As far as the CPU is concerned, it’s a yes and no… Let’s be real, if they want to get into something, they’re getting into it. IME disabling only removes 80-95% of the IME because there is a portion required to make the CPU function. While Intel’s management engine is a prominent backdoor, I doubt (depending on what hardware is present) that it’s the only hardware-level backdoor. That’s part of the reason for Purism’s hardware isolation (as Carlos mentioned). Nothing is foolproof or 100% secure, so knowing what is secure and to what degree helps you decide just what to do with that device, or where it sits on what network (or any network for that matter).
Thanks! Are there any companies that produce hardware that isn’t backdoored? I mean, I really don’t want someone invading my privacy, whether it be the NSA or the CIA or whatever 3-letter psyop organizations they have.
Google and Meta are probably more real and present dangers for most people.
(And they’re only two of an ever-expanding list of Tech threats.)
That Talos mainboard thing requires Power9 processors? Do they have this backdoor too?
No backdoor, and it grants extreme control and freedom. There is no other computer with this high a degree of security and privacy.
I am using POWER9 + artic plus GNU Trisquel 12. Best libre desktop computer 2024 | Coreboot, Libreboot, Gnuboot - #15 by carlosgonz
It’s likely either directly or indirectly nearly everything is compromised to some degree.
But the Purism Librem 14 also grants a decent level of privacy and security. Kudos to Purism!
That’s why I own one too.
I have just read that Purism claims to have fully disabled the ME. Is this true?
There are parts of the management engine that would break the CPU if removed. Nuking the most they can is all that can be done. And ME-Cleaner exists as well… But honestly, it’s an issue in regards to Intel as a company and supplier over a problem with Purism. They cleaned the vast majority of the Management engine. It’s a black-box so it’s not like nuking the ME region is easy, there is a lot of it that we just can’t read.
Yeah, I understand completely regarding the neutralizing part, but they claim to have disabled it, like, it does not run at all?
No, IME is completely disabled, if you tried to use IME on a laptop with it disabled it would fail to be functional… However, it is black-box software…
Yes, the Librem 14 has the Intel ME (Minix microcontrollEr) fully disabled (permanently off) by an Easter egg mode: HAP.
It’s more complicated than that.
On earlier Intel CPUs it was possible to junk part of the IME code (let’s say 80-95%) and Purism did that.
On more recent Intel CPUs it is not possible to junk any part of the IME code. That is, the IME code is a monolithic whole.
Separate to that … on all Intel CPUs used in Purism devices it is possible to halt the IME. This is the HAP bit that carlos refers to. (However, it is my expectation that eventually Intel will even get rid of that option, if that has not already occurred.)
How you analyse that into potential threats is difficult.
For example, the Intel CPU microcode is an updateable potential backdoor.
But then the Intel CPU itself is a non-updateable backdoor, potentially.
And, yes, then there’s all the other silicon in the chipset (of which there is a lot!).
But is it really provably free of backdoors?
I guess it’s reasonably solid that it is free of Intel backdoors, which is what the OP asked about, but are Intel’s backdoors better or worse than IBM’s?
So, lemme get this straight, Purism then has no possibility of IME being used as a backdoor?
That’s not quite what I wrote.
As @nerd7473 wrote, the IME needs to execute (per Intel’s flawed design) in order for the regular CPUs to boot. Once the regular CPUs have booted, the IME can go to sleep if it has been configured to do so.
There are two problems with this.
a) there is a window of time when the IME does execute, and that is unavoidable (and, as mentioned, it has access to all of its code these days), and
b) just because you tell a processor to go to sleep doesn’t mean that it actually does. (It is possible that a knowledgeable chip designer could conduct tests to see whether the IME is running but for the average customer it is not verifiable.)
In addition, the IME may be the backdoor that you know about, but silicon is a black box. What is to say that there isn’t a second IME with somewhat different behaviour? Or a third? …
It is however worth looping back to @amarok’s post … Are the TLAs really the biggest privacy threat in your threat model?
In my opinion, Google is easily the biggest threat to global privacy. That doesn’t mean that I even know what the TLAs get up to (and that’s the way the TLAs like it) but Google sets the bar very high.
If Intel dodginess is your biggest concern, maybe you should be using ARM-based computers.
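Looping back to the HAP bit and the "not verifiable for the average customer" point above: one thing an owner can check is whether the flash descriptor of their firmware image actually carries the ME-disable strap. The following is an added example, not code from this thread, from Purism or from me_cleaner; it assumes the descriptor layout and bit positions that me_cleaner's source uses (signature at 0x10, FLMAP1 at 0x18, HAP = bit 16 of PCHSTRP0 for ME 11+, AltMeDisable = bit 0 of PCHSTRP10 for older ME) and builds a constructed 4 KiB image to run against.

```python
"""Read the ME-disable soft straps from an Intel flash descriptor image.
Assumptions (from me_cleaner's source, not verified here against every
platform datasheet): signature 0x0FF0A55A at 0x10, FLMAP1 at 0x18, the
PCH straps base (FPSBA) encoded in FLMAP1 bits 23:16, HAP = bit 16 of
PCHSTRP0 (ME 11+), AltMeDisable = bit 0 of PCHSTRP10 (older ME).
A set strap only shows what the firmware asks for; it proves nothing
about what the silicon does, which is the caveat raised in the thread."""
import struct

IFD_SIGNATURE = 0x0FF0A55A


def pch_straps_offset(image: bytes) -> int:
    """Locate the PCH soft-straps section (FPSBA) through FLMAP1."""
    (sig,) = struct.unpack_from("<I", image, 0x10)
    if sig != IFD_SIGNATURE:
        raise ValueError("no Intel flash descriptor signature at offset 0x10")
    (flmap1,) = struct.unpack_from("<I", image, 0x18)
    return flmap1 >> 12 & 0xFF0  # same arithmetic as me_cleaner


def me_disable_straps(image: bytes) -> dict:
    """Return both ME-disable strap bits; which one applies depends on ME generation."""
    fpsba = pch_straps_offset(image)
    (pchstrp0,) = struct.unpack_from("<I", image, fpsba)
    (pchstrp10,) = struct.unpack_from("<I", image, fpsba + 0x28)
    return {"hap": bool(pchstrp0 >> 16 & 1),
            "alt_me_disable": bool(pchstrp10 & 1)}


def make_test_image(hap: bool, alt: bool) -> bytes:
    """Constructed sample descriptor (not a real dump): straps placed at 0x100."""
    img = bytearray(0x1000)
    fpsba = 0x100
    struct.pack_into("<I", img, 0x10, IFD_SIGNATURE)
    struct.pack_into("<I", img, 0x18, (fpsba >> 4) << 16)   # FLMAP1 bits 23:16
    struct.pack_into("<I", img, fpsba, (1 << 16) if hap else 0)
    struct.pack_into("<I", img, fpsba + 0x28, 1 if alt else 0)
    return bytes(img)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_test_image(True, False)
    print(me_disable_straps(data))
```

Point it at a full flash dump (e.g. one taken with flashrom) to see whether the HAP strap is set; it reports configuration only, so a set bit does not settle the "does the processor really sleep" question from the thread.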