zlacker

[return to "Toward a Reasonably Secure Laptop"]
1. d33+y5[view] [source] 2017-07-11 12:35:59
>>doener+(OP)
If I read that right, they're allowing Intel ME, which sounds like a sad compromise to me. Given that it's a pretty big complex black box that one can't easily disable, would you agree that x86 is doomed when it comes to security? If that's the case, is there any hope we could have a CPU with competitive capabilities? (For example, is there an i7 alternative for ARM?)

What could one do to make it possible to have ME-less x86 in the future?

◧◩
2. vbezhe+16[view] [source] 2017-07-11 12:42:12
>>d33+y5
When you're running megabytes of proprietary code on numerous processors in your laptop completely out of your control, why do you focusing on Intel ME? What about your network card which runs dedicated processor with some kind of operating system, executing firmware and processing every network frame before your OS receives it, for example?
◧◩◪
3. majews+3m[view] [source] 2017-07-11 14:47:27
>>vbezhe+16
When the network card tampers with the packets, this can be detected if the network protocols use the correct cryptographic algorithms to ensure integrity and confidentiality. Protecting against tampering on the CPU level is much harder, since this is where these algorithms are carried out.
◧◩◪◨
4. proble+aq[view] [source] 2017-07-11 15:15:14
>>majews+3m
If you think you're going to catch every possible NIC-level modification, does tampering on the CPU really matter if there's no way to store or exfiltrate the data without being detected?
[go to top]