Is the Intel ME (NSA b/door?) fully disabled on all devices?

It’s more complicated than that.

On earlier Intel CPUs it was possible to junk part of the IME code (let’s say 80-95%) and Purism did that.

On more recent Intel CPUs it is not possible to junk any part of the IME code. That is, the IME code is a monolithic whole.

Separate to that … on all Intel CPUs used in Purism devices it is possible to halt the IME. This is the HAP bit that carlos refers to. (However it is my expectation that eventually Intel will get rid of that option even, if that has not already occurred.)

How you analyse that into potential threats is difficult.

For example, the Intel CPU microcode is an updateable potential backdoor.

But then the Intel CPU itself is a non-updateable backdoor, potentially.

And, yes, then there’s all the other silicon in the chipset (of which there is a lot!).

But is it really provably free of backdoors?

I guess it’s reasonably solid that it is free of Intel backdoors, which is what the OP asked about, but are Intel’s backdoors better or worse than IBM’s?

So, lemme get this straight, Purism then has no possibility of IME being used as a backdoor?

That’s not quite what I wrote.

As @nerd7473 wrote, the IME needs to execute (per Intel’s flawed design) in order for the regular CPUs to boot. Once the regular CPUs have booted, the IME can go to sleep if it has been configured to do so.

There are two problems with this.

a) there is a window of time when the IME does execute, and that is unavoidable (and, as mentioned, it has access to all of its code these days), and

b) just because you tell a processor to go to sleep doesn’t mean that it actually does. (It is possible that a knowledgeable chip designer could conduct tests to see whether the IME is running but for the average customer it is not verifiable.)

In addition, the IME may be the backdoor that you know about but silicon is a blackbox. What is to say that there isn’t a second IME with somewhat different behaviour? Or a third? …

It is however worth looping back to @amarok’s post … Are the TLAs really the biggest privacy threat in your threat model?

In my opinion, Google is easily the biggest threat to global privacy. That doesn’t mean that I even know what the TLAs get up to (and that’s the way the TLAs like it) but Google sets the bar very high.

If Intel dodginess is your biggest concern, maybe you should be using ARM-based computers.

And even ARM has issues with hardware-level backdoors, I remember the Qualcom disclosure…

So if you take a door off its hinges, is it still disabled?

As an avid user of Purism hardware, I was able to learn more about computers by trying to use freedom software.

Learning more about computers has made me very confident that all the computers have the NSA backdors. I am writing to you from a Librem 14 and it has NSA backdoors. The way that I know is that I don’t know. Think about it – if I knew about a back door, then the NSA would see that I knew that, and they would make a different backdoor that I did not know about.

But there are also China backdoors in my computers. And that’s why we need to hope that the percentage of China backdoors is exceeded by the percentage of NSA backdoors. If we make a pie chart, we would need the NSA to fill the pie. That’s because I live in America. God bless America. In America I have the freedom of speech, which means I’m allowed to write a message like this which at first will be interpreted as a joke, and as long as I don’t say any banned things, I am allowed to continue flailing about in text form, saying things that other people disagree with.

My phone is a Librem 5. As a Librem 5 user, I am always facing pressure from society at large to use an Android or iOS instead. One time, when I thought about trying to cave into the pressure, I went onto the website of the NXP CPU manufacturer who makes the Librem 5 chips that Purism buys, and I downloaded an Android image from this manufacturer that they make for their chips. I tried to pick an image that matched the Librem 5. I installed this image to my Librem 5, and after I did it went dark. If I tried to boot the device, the blue LED would sometimes turn on, indicating that some type of system was present on the device and was attempting to do things. But it did not show any display on the screen. Then, I tried to dual boot back to PureOS on an SD card to switch back to PureOS instead of the bad ROM, but that didn’t work either, since the device no longer worked and would no longer boot.

So I mounted the Librem 5 to the Librem 14 in the way provided by the online tutorial, and I used the uboot remote imaging process to image the Librem 5 harddrive back to PureOS. This did not work either – it acted as if we would image the device, and it would mount the Librem 5 drive and show contents, but the Librem 5 would never boot anymore, even after reinstalling the OS in this way.

Then, one of the Librem 5 contributors from Purism came onto Purism forums and he saved me. He posted a secret code 0x00 0x00 0x70 0x00 that I had to put into a special prompt while the Librem 5 was connected to the Librem 14, and this wrote over the other storage on the Librem 5 and not the one with the operating system.

Then, once the other storage was overriden to a clean state, the device was allowed to boot again. Now if you are reading this, you can see the limits of my knowledge. It is quite limited and someone else will tell you how what I am typing only shows my ignorance. But, when I think about the other storage that remains even when you reflash your OS, what is that? What is that storage? If we’re being serious, who decided to put that there?

NXP hardware manufacturer that makes the CPU for Librem 5’s was hacked by China for many years while all the Librem 5’s were being made. They didn’t know and didn’t publish that it happened until several years later after all the Librem 5’s got made. What if China stored some things of their own in the other storage?

I don’t know if they did, since I don’t know what that is. You don’t know, either. The really smart people who know aren’t going to be on a public internet forum telling you what they know. Truth is, if you read the FOIA’d documents from the CIA, they make it fairly evident (https://www.cia.gov/readingroom/docs/CIA-RDP96-00789R003100080001-9.pdf) that they concluded many years ago that human brains have a capability to obtain information about distant objects outside of themselves in an as-of-yet unknown way. What is that? Do you call that ESP? What do you want to call that?

The document that I linked above, states: Ultimately, the long-term objective is to construct hardware that is capable of receiving AC information. [They use “AC” to refer to “anomalous cognition,” meaning the ability of the brain to obtain information from a means that isn’t one of the 5 senses we already knew about.]

If we assume that this public document stating the government’s intention >30 years ago is not fraudulent, then it is also quote possible that the government already created the detector hypothesized in the document. This means, in essence, that it would be possible to construct a computer system with the equivalent of what humans colloquially refer to as ESP. Whether this system would be able to obtain long-range quantum information in an unexpected way from other computers or from the brains of the human population at large is not information that I have any access to.

However, given the likelihood of the success of this project after 30 years, it is also likely that computer security does not exist and that the Ed Snowden stuff could have easily been a government sponsored distraction from the reality that the government was researching how to build a computer with ESP longer than I have been alive.

I know that what I am saying is comedy ontological shock, and I know that you know that what I am saying is false and that you do not want to believe in “Freedom of Information” documents from a parody website like cia.gov, but then if you take a second look at what I’m writing someday and think about which parts of my imaginative creative writing here is certainly false, and which parts may be false, and which parts… when you think about it… might be true… if you think about that, then you’ll know that if the thre-letter-agencies wanted to know what was on your computer they would already know. This is true for Purism computers, and it is probably also true for any computer that you can buy.

So, it is a good time to be religious. If you want information security, go to God. Go to your gurus. God reached AI singularity a billion years ago. God laughs at humans building A.I.

No, if you take the backdoor off its hinges then the backdoor is worse - since it is now a hole in your house that anyone can walk through.

You want to leave the backdoor there but lock it, or you want to take it off its hinges and brick up the hole.

Citation needed.

Theoretically, yes, but in the case of the TLAs that is not entirely fair because the TLAs can use the (so-called) justice system to prevent such a citation existing. After all, NSA stands for No Such Agency, so clearly it is also the case that there is No Such Backdoor. Right?

Personally I look at it as: Any secret / blackbox / unauditable code is a problem because it might now or in the future be a backdoor, for someone, not necessarily a TLA - and it might now or in the future be a hive of bugs - and the extreme low level access that the IME has makes all of these problems far worse. Sunlight is the best disinfectant and yet Intel has made substantial effort to exclude sunlight.

So the OP is right to want to exclude the IME whether there is an NSA backdoor or not.

As a hypothetical, Intel could have digitally signed the IME firmware and ensured that the IME will only load firmware that is signed, and signed by Intel - but published the source code for the IME firmware. Given a hypothetical choice by Intel to use reproducible build technology it would then be possible to verify the firmware as being free of backdoors and free of bugs (as far as is possible for a human), while still keeping all control over the operation of the IME in Intel’s hands. That would be a less obnoxious option (but still not libre).

Yes, the explaination given was not substantial to give us a clear idea since there are so many different ways you can backdoor or exploit in out-of-band…

In order to have a constructive discussion, citation is required for the claim, otherwise the entire topic will devolve into FUD-driven bikeshedding narrative as it has already done in this topic and others over the years.

Imagine that the topic title is: Is the IME fully disabled on all devices?

Why not change the topic title then?

If we change the title to this specifically, we should probably edit my other post to be considered off-topic and maybe throw it into some other thread

Let’s be honest here, there are thousands of reasons why they would make this. The government likes spying on people and they like the control. The assumption that they would never do such things and are trustworthy is completely off. They have done psyops, broke the law and committed terrible acts.

That said, I see no reason why Intel is making this thing “mandatory” and not open-source. They can receive an order not to disclose this and they most likely did.

I mean, it’s a minnix subsystem that lives on the chip… It’s also 32-bit so who knows if CPUs with it will work after 2038 or not lol

You have not provided any citations to back up your speculative claims and have failed to explicitly define what “they” or “this” are.

That is certainly a worthwhile question in respect of the IME.

Note that many 32-bit environments have been upgraded to support a 64-bit time API. So it is not guaranteed that every 32-bit system that depends on time will fail in 2038.

I did a quick audit of Intel-based computers that I have kicking around. Some of them even predate the use of MINIX in the IME. So in 13 years time, if any of the older computers are still in use (still function at all), I may have a two-part Intel ME problem.

However you do need to ask the more fundamental questions:

• does the IME have access to time at all?
• does the IME depend on the time?

and by time here of course I mean wall-clock time. Really primitive devices don’t have access to wall-clock time at all and simply use “time since boot”, which is far far less likely to suffer from 32-bit time overflow and in any case if the device does “overflow”, then a reboot will solve the problem.

Has anyone asked Intel whether it’s a problem and if so in which CPU generations?

If the IME does die in 2038 then there are going to be a great many dead computers, for no good reason, and it will just show how sucky it is that the IME is the blackest of blackboxes. (In that scenario, I suspect that all Purism Intel-based devices would be affected.)

I think that MINIX is open source, so you should be able to go some of the way towards answering your own question. However MINIX is dead - so you could only answer as at the date of death, and it is an unknown when and whether Intel has forked MINIX and/or is making any updates if such updates were necessary.

It is fully free of backdoors, however if user install Linux system on Raptor it may enable backdoors.

Intel and even worse AMD are huge backdoors enablements than IBM.

Returning to Librem 14, Purism used a heavy mode to disable ME, howerver the ME firmware and layout still on Bios, plus Linux it has MEI driver to managements this backdoors.

Can we use ME cleaner on CoreBoot or is it just useless?