Yeah, the real risk of bricking comes when you are playing around with creating your own version of the firmware, or using firmware from untrusted sources.
1 Like
The other risk is applying the firmware for one model/version to another model/version. I think the firmware upgrade script tries to stop you doing that but ā¦
Actually, the EC is the priorityā¦ better to have rgb than neutralization. Iām not happy with that since thatās not my priority nor the reason why i decided to buy a librem instead of other brandā¦ security is my number one priority and rgb is completely accessories.
What about Librem Mini v1 (with Intel Core i7-8565U CPU) - it has disabled and neutralized or just disabled Intel ME?
Also, maybe will be safer to use AMD Ryzen processors instead of Intel processors? Or AMD processors also have backdoors?
AMD systems have a similar thing to the ME, itās called the PSP. Itās worse than the ME in a way because we know almost nothing about what it does, at least with the ME we have some understanding of it.
Not quite true, in the last couple of years there was quite detailed dissection of psp. The problem with psp is just that itās fully signed so you cannot tamper with it (eg neutralize) as it would change signature. But you can still read it for offline analysis and tamper with runtime.
4 Likes
just disabled
1 Like
Okeyās whoās gonna bet with me, that I recieve one ping packet, and that management engine from intel is going to rebounce to main loop again?
Network card is from intel? How do you want to disable it?
Abandon intel developement while itās time, and go workstation AMD processors.
Or ARM based notebook.
Since you canāt disable it and you canāt trust it ā¦ you donāt connect it i.e. no network cable connected to the wired network usable via the humunculus CPU (aka the Intel ME), or indeed not even connected internally. Not much is exfiltrated via ethernet when itās not connected. (Probably different on the L14 c.f. the L13 and L15 but the idea is the same.)
The built-in WiFi in more recent Intel CPUs is more of a worry, albeit not quite a 100% problem yet.
Abandon x86. At the current time, neither of them allows you to build a fully satisfactory computer.
4 Likes
abandon SHIP !!! what ? abandon x86 ? what madness is this ?
I just got a mini desktop ( not a NUC ) with an AMD Ryzen 5 cpu and 16gb ram. What qualifies as a fully satisfactory computer?
Ryzen has the PSP, which functions like the Intel ME, but it canāt be disabled, so it is actually worse than the ME from our perspective.
It can run on 100% free/open source software, like the RaptorCS computers using POWER9 processors. The MNT Reform is pretty close, but it requires a small blob for the DDR timing. Olimex and Pine64 also sell some models that are close to the ideal.
1 Like
What a downer. Just when you think youāre starting to get free. It has Mint 20.1 Cinnamon on it. Does that help?
Forgot to ask but what is the PSP?
So, POWER9 processors donāt have backdoors, like Intel ME and AMD PSP?
Yes.
POWER9 processors donāt have anything like the ME and PSP, but a lot of software hasnāt been compiled for the POWER ISA architecture. Donāt expect to have an up-to-date web browser. I might consider buying a RaptorCS Talos II system for a server, but I donāt think Iād consider it for a personal computer. Honestly, the MNT Reform, OLIMEX TERES I and PINE64 PineBook Pro all look like better choices for most people, and they all publish their schematics, but they are underpowered compared to a standard x86 laptop.
3 Likes
maybe so but even if that AMD APU of yours has the PSP enabled it still has out-of-the-box support for the linux-kernel-amd-iGPU-driver (NOT libre and GNU yet but still open-source enough to just-work)
imo if you are running a GNU/Linux distribution that has support for that APU (debian+non-free/ubuntu/mint/popOS/arch/gentoo/etc.) itās still better than any M$0S variant.