Autor: Erik Christiansen Data: Para: dng Assunto: Re: [DNG] Purism Librem and disabling Intel ME: it can be done [
Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On 07.09.17 13:32, Adam Borowski wrote: > On Thu, Sep 07, 2017 at 09:17:20PM +1000, Erik Christiansen wrote:
> > If our hosts cannot be trusted not to phone home to folk wearing dark
> > glasses, then would it not suffice to employ a simple embedded host with
> > a small die, such as an ARM, e.g. Beaglebone Black, as a firewall?
>
> It's not hard to trigger a backdoor using a higher level protocol, from
> Javascript, etc.
But no-one who is awake would enable java or any of that stuff on a firewall.
Back doors on the LAN can't phone home through a minimal-silicon RISC
embedded firewall which is just too small to contain any secondary CPU.
It just needs to run a minimal kernel with packet routing capability.
Everything else is a door into vacuum.