And even ARM has issues with hardware-level backdoors, I remember the Qualcom disclosure…
So if you take a door off its hinges, is it still disabled?
As an avid user of Purism hardware, I was able to learn more about computers by trying to use freedom software.
Learning more about computers has made me very confident that all the computers have the NSA backdors. I am writing to you from a Librem 14 and it has NSA backdoors. The way that I know is that I don’t know. Think about it – if I knew about a back door, then the NSA would see that I knew that, and they would make a different backdoor that I did not know about.
But there are also China backdoors in my computers. And that’s why we need to hope that the percentage of China backdoors is exceeded by the percentage of NSA backdoors. If we make a pie chart, we would need the NSA to fill the pie. That’s because I live in America. God bless America. In America I have the freedom of speech, which means I’m allowed to write a message like this which at first will be interpreted as a joke, and as long as I don’t say any banned things, I am allowed to continue flailing about in text form, saying things that other people disagree with.
My phone is a Librem 5. As a Librem 5 user, I am always facing pressure from society at large to use an Android or iOS instead. One time, when I thought about trying to cave into the pressure, I went onto the website of the NXP CPU manufacturer who makes the Librem 5 chips that Purism buys, and I downloaded an Android image from this manufacturer that they make for their chips. I tried to pick an image that matched the Librem 5. I installed this image to my Librem 5, and after I did it went dark. If I tried to boot the device, the blue LED would sometimes turn on, indicating that some type of system was present on the device and was attempting to do things. But it did not show any display on the screen. Then, I tried to dual boot back to PureOS on an SD card to switch back to PureOS instead of the bad ROM, but that didn’t work either, since the device no longer worked and would no longer boot.
So I mounted the Librem 5 to the Librem 14 in the way provided by the online tutorial, and I used the uboot remote imaging process to image the Librem 5 harddrive back to PureOS. This did not work either – it acted as if we would image the device, and it would mount the Librem 5 drive and show contents, but the Librem 5 would never boot anymore, even after reinstalling the OS in this way.
Then, one of the Librem 5 contributors from Purism came onto Purism forums and he saved me. He posted a secret code 0x00 0x00 0x70 0x00 that I had to put into a special prompt while the Librem 5 was connected to the Librem 14, and this wrote over the other storage on the Librem 5 and not the one with the operating system.
Then, once the other storage was overriden to a clean state, the device was allowed to boot again. Now if you are reading this, you can see the limits of my knowledge. It is quite limited and someone else will tell you how what I am typing only shows my ignorance. But, when I think about the other storage that remains even when you reflash your OS, what is that? What is that storage? If we’re being serious, who decided to put that there?
NXP hardware manufacturer that makes the CPU for Librem 5’s was hacked by China for many years while all the Librem 5’s were being made. They didn’t know and didn’t publish that it happened until several years later after all the Librem 5’s got made. What if China stored some things of their own in the other storage?
I don’t know if they did, since I don’t know what that is. You don’t know, either. The really smart people who know aren’t going to be on a public internet forum telling you what they know. Truth is, if you read the FOIA’d documents from the CIA, they make it fairly evident (https://www.cia.gov/readingroom/docs/CIA-RDP96-00789R003100080001-9.pdf) that they concluded many years ago that human brains have a capability to obtain information about distant objects outside of themselves in an as-of-yet unknown way. What is that? Do you call that ESP? What do you want to call that?
The document that I linked above, states: Ultimately, the long-term objective is to construct hardware that is capable of receiving AC information. [They use “AC” to refer to “anomalous cognition,” meaning the ability of the brain to obtain information from a means that isn’t one of the 5 senses we already knew about.]
If we assume that this public document stating the government’s intention >30 years ago is not fraudulent, then it is also quote possible that the government already created the detector hypothesized in the document. This means, in essence, that it would be possible to construct a computer system with the equivalent of what humans colloquially refer to as ESP. Whether this system would be able to obtain long-range quantum information in an unexpected way from other computers or from the brains of the human population at large is not information that I have any access to.
However, given the likelihood of the success of this project after 30 years, it is also likely that computer security does not exist and that the Ed Snowden stuff could have easily been a government sponsored distraction from the reality that the government was researching how to build a computer with ESP longer than I have been alive.
I know that what I am saying is comedy ontological shock, and I know that you know that what I am saying is false and that you do not want to believe in “Freedom of Information” documents from a parody website like cia.gov, but then if you take a second look at what I’m writing someday and think about which parts of my imaginative creative writing here is certainly false, and which parts may be false, and which parts… when you think about it… might be true… if you think about that, then you’ll know that if the thre-letter-agencies wanted to know what was on your computer they would already know. This is true for Purism computers, and it is probably also true for any computer that you can buy.
So, it is a good time to be religious. If you want information security, go to God. Go to your gurus. God reached AI singularity a billion years ago. God laughs at humans building A.I.
2 Likes
No, if you take the backdoor off its hinges then the backdoor is worse - since it is now a hole in your house that anyone can walk through.
You want to leave the backdoor there but lock it, or you want to take it off its hinges and brick up the hole.
3 Likes
Citation needed.
1 Like
Theoretically, yes, but in the case of the TLAs that is not entirely fair because the TLAs can use the (so-called) justice system to prevent such a citation existing. After all, NSA stands for No Such Agency, so clearly it is also the case that there is No Such Backdoor. Right? 
Personally I look at it as: Any secret / blackbox / unauditable code is a problem because it might now or in the future be a backdoor, for someone, not necessarily a TLA - and it might now or in the future be a hive of bugs - and the extreme low level access that the IME has makes all of these problems far worse. Sunlight is the best disinfectant and yet Intel has made substantial effort to exclude sunlight.
So the OP is right to want to exclude the IME whether there is an NSA backdoor or not.
As a hypothetical, Intel could have digitally signed the IME firmware and ensured that the IME will only load firmware that is signed, and signed by Intel - but published the source code for the IME firmware. Given a hypothetical choice by Intel to use reproducible build technology it would then be possible to verify the firmware as being free of backdoors and free of bugs (as far as is possible for a human), while still keeping all control over the operation of the IME in Intel’s hands. That would be a less obnoxious option (but still not libre).
Yes, the explaination given was not substantial to give us a clear idea since there are so many different ways you can backdoor or exploit in out-of-band…
In order to have a constructive discussion, citation is required for the claim, otherwise the entire topic will devolve into FUD-driven bikeshedding narrative as it has already done in this topic and others over the years.
2 Likes
Imagine that the topic title is: Is the IME fully disabled on all devices?
1 Like
Why not change the topic title then?
1 Like
If we change the title to this specifically, we should probably edit my other post to be considered off-topic and maybe throw it into some other thread
2 Likes
Let’s be honest here, there are thousands of reasons why they would make this. The government likes spying on people and they like the control. The assumption that they would never do such things and are trustworthy is completely off. They have done psyops, broke the law and committed terrible acts.
That said, I see no reason why Intel is making this thing “mandatory” and not open-source. They can receive an order not to disclose this and they most likely did.
I mean, it’s a minnix subsystem that lives on the chip… It’s also 32-bit so who knows if CPUs with it will work after 2038 or not lol
You have not provided any citations to back up your speculative claims and have failed to explicitly define what “they” or “this” are.