Hacker News new | ask | show | jobs
by codedokode 1166 days ago
Because I don't need uncontrolled backdoors in my PC. By the way, my laptop has an option to disable PSP in BIOS but I don't understand how it works because PSP is still visible on the PCI bus as "encryption controller".

> It's a trusted execution environment

It is "trusted" only by manufacturers and cannot be controlled by the user. Why cannot it be controlled by the user? Probably because it is intented to be used as a backdoor or to report users who install pirated software, or download unapproved materials etc.
1 comments
Dalewyn 1165 days ago
>Why cannot it be controlled by the user? Probably because it is intented to be used as a backdoor or to report users who install pirated software, or download unapproved materials etc.

I have a simpler answer that doesn't require inherent malice: To keep out hostiles that have control over the computer, be that virtually or physically. You can't compromise what you can't access.

Personally, I understand the concerns behind ME and PSP and am not particularly concerned. I trust Intel and AMD to not fuck with me, else why would I buy their processors? If I don't trust the ME/PSP because I don't trust Intel/AMD, I certainly can't trust the rest of their processors either.

link
codedokode 1165 days ago
There are several points that make all this look suspicious:

- first, ME/PSP do not follow minimum privileges principle. They have access to DRAM and network interfaces, so they can bypass restrictions set by OS and firewall. Does that make system more secure? I would say it is the opposite. They make the system less secure: for example, if there is a vulnerability in those modules then the whole system can be compromised and it will be difficult to detect using antivirus products.

- second, firmware for ME/PSP is encrypted. Why is it done so? To prevent user from knowing what it does. Why am I not allowed to know how my computer works?

Based on this, I can assume that intended purpose of this "trusted" modules is to implement user-hostile features like: DRM, software license checking, reporting illegal content, device fingerprinting, providing unauthorised remote access and so on.

link
badsectoracula 1165 days ago
> else why would I buy their processors?

To run software that require them?

link