Autore: Erik Christiansen Data: To: dng Oggetto: Re: [DNG] Purism Librem and disabling Intel ME: it can be done [
Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
The notion of an extra embedded CPU or two on big Intel chips is not
difficult to credit, but where is the postulated entire minix OS loaded
from?
If our hosts cannot be trusted not to phone home to folk wearing dark
glasses, then would it not suffice to employ a simple embedded host with
a small die, such as an ARM, e.g. Beaglebone Black, as a firewall?
Buy two, take the lid off the chip on one, to confirm that there's only
enough silicon complexity to provide one RISC CPU, and paranoia might be
able to be reigned in. With a microscope, purely optical or USB, it is
not that hard to identify recognisable structures such as ALU,
registers, ROM, etc. Any second CPU capable of running a TCP stack would
show up.
If that's not enough, then an ethernet sniffer running on unsubvertible
low level 16 bit embedded hardware, running a low level RTOS, could
monitor traffic to the firewall, logging all destination IPs, protocol,
etc., revealing unwarranted traffic.
Conspiracy theories are lotsa fun, but if there's a problem with
substance, then restoring user control needn't be that hard, I figure.