zlacker

[return to "Toward a Reasonably Secure Laptop"]
1. d33+y5[view] [source] 2017-07-11 12:35:59
>>doener+(OP)
If I read that right, they're allowing Intel ME, which sounds like a sad compromise to me. Given that it's a pretty big complex black box that one can't easily disable, would you agree that x86 is doomed when it comes to security? If that's the case, is there any hope we could have a CPU with competitive capabilities? (For example, is there an i7 alternative for ARM?)

What could one do to make it possible to have ME-less x86 in the future?

◧◩
2. lmm+m6[view] [source] 2017-07-11 12:45:07
>>d33+y5
There are open processor designs, e.g. many SPARC designs are published. You could run a reasonable webserver or what have you on those. But only the mega-corps chipmakers are going to be competitive with the current state of the art, and the mega-corp chipmakers are going to include ME or equivalent because their mega-corp clients want it.

More generally if the processor's going to have any dynamic internal logic then that has to run somewhere. Frequency scaling, wake-on-lan, microcode updates... you probably do want an ME-style embedded management processor that runs the processor's firmware just as you would for any other peripheral (hard drives, wifi controllers and so on all contain their own embedded ARM cores these days). ME itself isn't the issue - having what runs there be open and inspectable is.

[go to top]