:: Re: [DNG] Purism Librem and disabli…
Page principale
Supprimer ce message
Répondre à ce message
Auteur: Didier Kryn
Date:  
À: dng
Nouveaux-sujets: [DNG] Talos, Intel, libre purism, ...
Sujet: Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
Le 07/09/2017 à 10:48, Taiidan@??? a écrit :
> On 09/07/2017 04:30 AM, Alessandro Selli wrote:
>
>> On Wed, 6 Sep 2017 at 17:12:27 -0400
>> zap <calmstorm@???> wrote:
>>
>>> Agreed! Talos is at least *LIBRE!*
>>    No, it ain't:
>> https://blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/

>>
>>     "BMCs and the IPMI Protocol

>>
>>     Baseboard Management Controllers (BMCs) are a type of embedded
>>     computer used to provide out-of-band monitoring for desktops and
>>     servers. These products are sold under many brand names, 
>> including HP
>>     iLO, Dell DRAC, Sun ILOM, Fujitsu iRMC, *IBM IMM*, and Supermicro
>>     IPMI."

>>
>>    IBM stuff is plagued by embedded controlware, too. 



     Alessandro, I've read that thread with great interest and I think 
you forgot a "detail": BMC software is open on IBM Power, meaning you 
can replace it by your own, or patch the existant if you prefer.


     Wether there is yet another backdoor is only a supposition and it 
applies to everything you can buy, not specifically IBM. At least, if 
there is one, it is known only to the manufacturer and the 3-letter 
agencies, not to the general hacker. And I'm optimistic because of the 
following law: the time of life of a secret decreases when the number of 
persons who share it increases, and in this case there must be a number 
of engineers.


                 Didier