Hacker News new | ask | show | jobs
by ryao 3777 days ago
Intel controls the keys for the management engine and other bits that are vectors for back doors:

https://libreboot.org/faq/#intel

The Snowden leak claimed that the NSA had special Intel chips, but no one has ever claimed Intel did a special production run. However, if they stole Intel's signing keys and internal documentation, they could just reflash the existing chips and Intel would not need to know a thing about it. Anyone who gets their hands on that information would be able to do the same and there is not a thing you can do about it beside using hardware where that is not possible.
1 comments
throwaway7767 3777 days ago
I think we're in agreement then. Intel's system does not meet the criteria I set forth in the post you're replying to (since there is only one key, and it's generated out of the owners control). So that's a bad solution. If there were some way for a physically present user to set a new firmware signing key, that would get the benefit without having to throw out any attempt to secure the boot process.

Of course, intel's microcode is not open for scrutiny, so the point is moot there (what would you sign instead?)

The linked project states that having no way to lock the boot process is a benefit. I disagree that it's a feature to advertise, because it's possible to implement in such a way that the user retains complete control. Pointing out bad implementations is not a good answer to that.

link
ryao 3777 days ago
The ME is an embedded device that has its own independent CPU and operating system. Whether Secure Boot is possible is tangential to that. Secure Boot is as relevant to security here as lowering the anchor on the titanic after hitting that iceberg. Whether the measure is in place or not does not actually fix things.
link