[trendia]

No amount of EFI rootkit detection will ever remove the possibility that malicious code is running inside the Intel Management Engine (ME), because code inside the ME would run side-by-side with the bootloader and with unlimited permissions.

Unless Intel provides source code for the ME, it is impossible to 100% know whether unauthorized code is running.

[Kwastie]

Someone at https://puri.sm almost completely removed the ME. https://puri.sm/posts/neutralizing-intel-management-engine-o...

[bobcallme]

What's with the free advertising? They were not the ones to do the original work with coreboot or removing the non important parts of the ME. If anything, Purism has lied, taken credit for other peoples work and given people a false sense of "privacy" and "security". "Almost completely removed the ME" is not good enough and there is way too much room to do malicious things.

[Relys]

.

[jjawssd]

What's your point? Is it that exploit developers are not compensated financially for their work? Exploit developers should find a better business model than their current one. This guy was able to take freely available exploit knowledge and monetize it. If the parties responsible for creating the exploit feel they have some sort of IP claim against them, they should sue. If exploit developers wish to release exploit details for free then the best they can wish for is charity.

[bobcallme]

You missed the point. It is all about giving credit to those who do the work and make discoveries. It is in poor taste to exploit people in the case of taking their work and not giving any credit to those that made their business model possible.

[mike-cardwell]

Even if Intel gave you the source code, you still wouldn't know if there was any unauthorised code running.

[Taek]

Reproducible builds is a very important part of knowing you are secure, and in the absence of that at least being able to flash on your own compilation.

[hdhzy]

Well even with reproducible builds how do you check what actually is running there? That'd be the ME reporting "I'm running version X" without a way to really verify it. Also if you flashed it you cannot be 100% sure there is no other component that is still running a rootkit.

[schoen]

Good analysis of this issue in Halvar Flake's https://www.slideshare.net/hashdays/why-johnny-cant-tell-if-... ("Why Johnny can't tell if he is compromised").

[ams6110]

Or Ken Thompsons's Reflections on Trusting Trust.

[sschueller]

Is there any reason Intel would not open source that code? It not like it will run on other hardware?