Date: Sat, 13 Jan 2018 03:33:30 +0100
From: Polytropon
To: JD
Cc: FreeBSD Users
Subject: Re: The Intel Management Engine: an attack on computer users' freedom
Message-Id: <20180113033330.a9b37f9c.freebsd@edvax.de>
In-Reply-To: <5A5918C9.4060200@gmail.com>
References: <5A5918C9.4060200@gmail.com>

On Fri, 12 Jan 2018 13:21:29 -0700, JD wrote:
> Will *-BSD distro OS'es be able to defeat or disable this attack?

Regarding the Spectre and Meltdown attacks, please refer to the
discussion which already took place on this list and on others
(check the archives). Also see:

https://lists.freebsd.org/pipermail/freebsd-security/2018-January/009719.html

https://forums.freebsd.org/threads/63985/#post-371432

https://www.freebsd.org/news/newsflash.html#event20180104:01

To see the presence of the ME as an attack is possible. But as
it operates way below the OS level, there is not much the
developers of the BSDs can do about that. _You_ need to take
action. One option is to remove devices that have Intel ME from
your installation and replace them with devices that don't.

Additionally take into mind that "below OS" hardware and
software / firmware is also present in smartphones, in hard
disks, and in USB sticks - nearly everywhere. What can anybody
do about this? Not much, sadly... This illustrates that you can
hardly avoid closed-source technology that is effectively in
control of your hardware without any OS interfering.

Further information about Intel ME details from 2017's 34C3:

Maxim Goryachy and Mark Ermolov:
Inside Intel Management Engine
https://media.ccc.de/v/34c3-8762-inside_intel_management_engine
http://cdn.media.ccc.de/congress/2017/h264-sd/34c3-8762-eng-deu-Inside_Intel_Management_Engine_sd.mp4

Igor Skochinsky and Nicola Corna:
Intel ME: Myths and reality
https://media.ccc.de/v/34c3-8782-intel_me_myths_and_reality
http://cdn.media.ccc.de/congress/2017/h264-sd/34c3-8782-eng-deu-fra-Intel_ME_Myths_and_reality_sd.mp4

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...