We all know about the back doors in newer Intel processors, but the question is, are there back doors to the extent of Intel's in Ryzen CPUs?
We all know about the back doors in newer Intel processors, but the question is...
Other urls found in this thread:
libreboot.org
freedom-to-tinker.com
localhost:8732
arstechnica.com
youtube.com
theregister.co.uk
m.youtube.com
m.youtube.com
blog.ptsecurity.com
reddit.com
yro.slashdot.org
github.com
puri.sm
fsf.org
arstechnica.com
thinkwiki.org
zdnet.com
twitter.com
Yes.
Yes.
libreboot.org
All modern hardware is compromised so you might as well get used to it.
Platform Security Processor (PSP) also runs a closed source blob with Ring 0 execution and access to all resources. Similar to Intel ME the AMD PSP has it’s own network stack which bypasses the host OS firewall via direct hardware access to all device radios (because the CPU now contains the north bridge).
can someone remind me what that feature/component in intel processors is that can activate your PC when it's in sleep mode and uses your network among other things.
Raptor Engineer’s Talos Secure Workstation runs Debian and uses IBM’s Open Power 9. It is endorsed by the Libreboot project.
Intel ME (Management Engine)
ARM has TrustZone
AMD has PSP
OpenPower9 has nothing (secure)
RISC-V has nothing (secure but unreleased)
Yeah, the NSA forced all of them to put backdoors in their hardware.
Same thing happened with Linux kernel.
freedom-to-tinker.com
> AMD PSP has it’s own network stack which bypasses the host OS firewall via direct hardware access to all device radios (because the CPU now contains the north bridge).
It doesn't even matter if you disable the driver, or not.
localhost:8732
>Yeah, the NSA forced all of them to put backdoors in their hardware.
Open Power was the exception, because it would have been illegal for IBM to open source the encryption along with it.
How many times do we need to do this?
EVERYTHING IS A BOTNET.
Because it runs it’s own operating system which wraps the host OS (can conceptualize as ring -1) inside of the CPU changing your host OS software has no effect on the functionality of the PSP. It is a complete black box exactly like the Intel ME.
Everything proprietary is a botnet.
Open Power 9 is fine
RISC-v is fine.
Core 2 quad and older is fine
New Intel machines where you’ve flashed Coreboot and me_cleaner.py + HAP disable mode are also fine.
Libreboot is FOSS
OpenPower9 boot is FOSS.
Nothing proprietary here.
I just wanted to pint out that ryzen owners are allready dealing with their pcs being publicly available online at localhost:8732
And the suppossed fix is to disable the psp drivers.
You can run an arbitrary boot like Coreboot since there is no boot checksum so if you don’t trust them we could just use something other than the FOSS boot stack they provide.
/* Read type and payload length first */
hbtype = *p++;
n2s(p, payload);
pl = p;
...
/* Enter response type, length and copy payload */
*bp++ = TLS1_HB_RESPONSE;
s2n(payload, bp);
memcpy(bp, pl, payload);
bp += payload;
a backdoor to what exactly? everything? read what's on my hard drive, etc.?
arstechnica.com
Same thing applies to Intel ME except the public found a LAN accessable exploit in it that allowed full display and peripheral access (emulate mouse & keyboard remotely). Happily the exploit was patched now so clearly no intelligence agency would have access to the same functionality via a backdoor right user? Right?
Yes, everything even if the computers turned off.
Access to read display, execute arbitrary code in ring 0 (highest privilege ring same as root), read/write to cache RAM and disk, can emulate arbitrary USB peripherals and human interface devices.
Red pill here:
youtube.com
I libreboot, so it doesn't concern me. Everyone knows about intel ME, but for some reason AMD's version is not to well known.
theregister.co.uk
PT security (same guys who found the NSA HAP kill switch in Intel ME) are showing an exploit they developed for “god mode” remote arbitrary code execution on any modern Intel system at BlackHat Europe 2017.
Your phone has the same thing even if you run AOSP. It is called ARM TrustZone.
Can someone explain to me why the manufacturers do these things?
I mean what is the reason behind the ME or PSP? Are they necessary in the sense that they assist the cpu in some way, or provide additional functions to improve performance?
>Your phone has the same thing even if you run AOSP. It is called ARM TrustZone.
My phone doesn't, but yea almost every phone does.
Businesses ask for a way to remotely lock down or wipe computers and Big Media asks for more ways to lock down content consumption in computers.
Intel/AMD/ARM promptly deliver.
Not POWER9
>I mean what is the reason behind the ME or PSP? Are they necessary in the sense that they assist the cpu in some way, or provide additional functions to improve performance?
They provide the backdoors, and the reasoning is that enterprise wants them. If that were the case though then these features could easily be moved onto the motherboard, and enterprise consumers could then just purchase the boards with that feature.
National security letter forced Yahoo to backdoor their email service, forced lava but to do the same, forced Google to do the same, etc.. gag orders under threat of jail time to keep companies quiet.
Marissa Mayer (former Yahoo CEO) on record after Snowden leaks here saying if she refused to give the backdoor or talked about it that she would be sent to jail:
m.youtube.com
Businesses and the NSA want backdoors. Their official reason only mentions businesses though.
Lavabit*
Same thing happened to the CEO of Quest communications (phone company except he actually went to jail after refusing to backdoor his company’s telecom infrastructure)
m.youtube.com
It's fairly reasonable to expect that if a company gives their employees computers that they can retain control of them and not have their employees flash libreboot and encrypt everything. It's not to spy but because fired employees are reluctant to give out passwords.
Explain to me why there is a proprietary operating system with a LAN accessible service for remote access to all resources which can execute arbitrary code as root in my home PC and laptop which has nothing to do with a company I work for.
The excuse that ME needs to be in everything and have full control of everything with no off switch is total bullshit (Ssssh don't talk about the kill switch discovered by PT Security where you flip a single bit to enable HAP disable mode you aren't supposed to know about that).
surely enterprise security features need to be in my home PC which has nothing to do with a business and there could be no possible legitimate reason for disabling that feature.
Surely the NSA would not have an undocumented feature built into the Intel ME which fully disables the backdoor for their own systems which.
blog.ptsecurity.com
Oh wait I guess they do.
Well clearly the NSA wants them in all machines. Apart from their own of course.
Hence the backdoor.
The technical capability to use the ME as an attack surface for the most potent root kits imaginable has been demonstrated. The remote exploitation for has been demonstrated. The kill switch has been demonstrated.
It is a blatant backdoor now and everyone knows it. There is no sense in pretending this is about enterprise features which somehow need to be in every single home computer and laptop anymore.
They can get access to everything regardless of your OS. They don't want it in their own machines and they want it in yours.
Because for years nobody cared about AMD.
The irony is that AMD could be potentially more friendly to these concerns. I know that they use a propietary OS to make their PSP work, but they also have expressed interesed on talking with legal to do something about it.
With sufficient pressure AMD could not release the PSP source code, but an "specification" to re implement it on a Mit licensed l4 kernel.
I hope that a movement awakes the awareness of that PSP issue on enterprise and pressures AMD to solve it.
That even could benefit AMD and damage Intel again.
They "considered" releasing the source code. On Reddit the users said the issue had "CEO level attention". I talked to their engineers about it more than once at different events.
They since decided they "have no plans to release the source".
PSP source release has "CEO level attention":
reddit.com
most recent news on AMD's decision "no plans to release PSP source":
yro.slashdot.org
Duh.
Could be AMD pressured?
It is an NSA issued national security letter. Same as what happened with Yahoo and Qwest where they had to do put backdoors into their services under threat of jail time and couldn't talk about what they had done (also under threat of jail time) which was blown wide open after Snowden.
Does something like libreboot actually resolve this issue?
I'm just saying that enterprise has a legitimate reason to backdoor systems that they own. They paid for the systems, they're used to generate revenue for the enterprise, it's a way of protecting their assets.
The NSA also having access to the backdoor means that they own all the computers too. Even though you paid for them, the NSA owns them. Through this the NSA turns you and your life into an asset, another piece of property to be used up and thrown away. Proprietary software is ownership.
Libreboot removes the Intel Management Engine software from the boot process.
Coreboot functions on newer hardware and can be used to flash the Intel ME HAP disable mode bit using me_cleaner.py which is the NSA's kill switch discovered by PTSecurity in their reverse engineering of the management engine software.
github.com
Coreboot with me_cleaner can be flashed using a raspberry pi and bus pirate on the 100$ Thinkpad x220, Just buy 16GB of RAM and get an SSD for it then you have a secure machine with decent specs.
Nope. Hardware backdoor.
Hopefully when we look back on this era and see that every single piece of computing tech was back-doored, professors will talk about it as if it were communist russia, a dark time in our past to move on from.
You are retarded. Coreboot and me_cleaner.py literally removes the network stack from the management engine blob and you can turn on a single bit that totally halts the management engine after boot (undocumented HAP disable mode).
puri.sm
Fun fact: HAP stands for High Assurance Platform which is an NSA program.
Intel's statement on the discovery of the HAP disable mode:
"In response to requests from customers with specialized requirements we sometimes explore the modification or disabling of certain features. In this case, the modifications were made at the request of equipment manufacturers in support of their customer’s evaluation of the US government’s “High Assurance Platform” program. These modifications underwent a limited validation cycle and are not an officially supported configuration."
Source: blog.ptsecurity.com
You can purchase cheap pre-Librebooted machines here:
minifree.org
The GNU project has the "respects your freedom certification" which requires that hardware manufacturers do not have a binary blob backdoor in their CPU.
You can see a list of certified hardware manufacturers with the certification here:
fsf.org
If you want something a bit newer than machines that cannot totally remove the Intel ME (total removal of the Intel ME via libreboot only works on Core 2 Duo machines due to Intel hardware forced halts after 30 minutes if you don't init the ME blob at boot) then checkout Purism (laptop with modern intel chips) and Raptor Engineering (workstations with OpenPower9).
puri.sm/
raptorcs.com/TALOSII/
How long before there is a WCry level or worse global exploit of ME/PSP?
Already exists (being shown at BlackHat Europe 2017):
theregister.co.uk
Previous exploit had open vulnerability for 10 years:
arstechnica.com
Yes anything made after 1998 has some sort of backdoor in it.
uhhh, nope.
ThinkPad x200 war prior to Intel's use of the Management Engine and was shipped in 2008.
thinkwiki.org
Same with any machine with a Core 2 Quad.
Apple's Power Books don't have security co-processor either so if you install Debian on those you are fine.
There already is an exploit, just nobodies taken advantage of it yet.
It exists but details are not public yet as the guys who discovered it are presenting it at BlackHat Europe 2017. So nobody can. Similar to how the NSA had Wannacrypt's SMB protocol vulnerability in Windows that they didn't disclose to Microsoft and was leaked to the developers of Wannacrypt via the Shadow Brokers group.
There were previous remote exploits which have since been patched also.
This also does not include backdoors since we are only talking about publicly known exploits.
but the x201 does have IME, right?