by jchw
2243 days ago
Any big corporation with security competence is going to seriously care about the security of their corporate and production fleet; the stakes for securing systems only ever increase over time, and threats are only getting more sophisticated. So you don’t necessarily need to believe in the altruism of a corporation to see why their interest in secure computing at lower levels of the stack may actually line up with users’ interests more or less. But honestly, the best argument here is don’t trust anyone; in theory anyone can inspect the source code and binaries for Corebooted devices. It’s not perfect and there are obviously cases where you can never be 100% sure there are no tricks, but IMO it’s still a lot better than the alternative of having roughly the same drawbacks but no visibility. I’m not sure where this fits in in the grand scheme of things though, because in all honesty trust in computing seems like it’s an unending rabbit hole ripe for abuse. Intel ME may even have been born with genuinely good intentions, but I do think its secretive, black-box nature is the absolute worst part of it all. (Obligatory disclaimer, I work for Google, all of these opinions are just my personal opinions.)
Of course. We're not talking about just any corporation here though, not even just any hardware manufacturer. You're right that security is in everyone's interests. My mentioning Google is referencing a company whose business consists of collecting and marketing information on their users. I think this changes the risk profile somewhat.
> ...In theory anyone can inspect the source code and binaries for Corebooted devices...
Pardon me if there's a big hole in my understanding of firmware RE. In reference to the Coreboot'ed Chromebooks, it sounds like this should read "anyone can inspect the source code and binaries of Coreboot". We still have to take at face value what firmware is actually installed on a device. I don't mean to sound nitpicky or mean, I just think that Google's motivations warrant extra scrutiny. I agree with your sentiments overall.
> ...Intel ME may even have been born with genuinely good intentions...
This might be the case, but the way Intel has treated the topic could not possibly foster any kind of trust with its user base. Also, these features offer extremely little to the average user. I'd like to be corrected on this if I'm wrong: what does Intel ME actually do for a user like myself? Surely it would lower costs in a non-trivial way to just remove it for non-corporate customers if the intentions were even the least bit genuine.