zlacker

[return to "Toward a Reasonably Secure Laptop"]
1. d33+y5 2017-07-11 12:35:59
>>doener+(OP)
If I read that right, they're allowing Intel ME, which sounds like a sad compromise to me. Given that it's a pretty big complex black box that one can't easily disable, would you agree that x86 is doomed when it comes to security? If that's the case, is there any hope we could have a CPU with competitive capabilities? (For example, is there an i7 alternative for ARM?)

What could one do to make it possible to have ME-less x86 in the future?

2. fghtr+UJ 2017-07-11 17:30:34
>>d33+y5
>What could one do to make it possible to have ME-less x86 in the future?

One could lock all the devices that can store data: https://blog.invisiblethings.org/papers/2015/state_harmful.p...

"The general idea is to remove the SPI flash chip from the motherboard, and route the wiring to one of the external ports, such as either a standard SD or a USB port, or perhaps even to a custom connector. A Trusted Stick (discussed in the next chapter) would be then plugged into this port before the platform boots, and would be delivering all the required firmware requested by the processor, as well as other firmware and, optionally, all the software for the platform."
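The SPI flash chip that the quoted passage proposes moving off the board is where the ME firmware lives on an Intel platform, alongside the BIOS and other regions, and its layout is declared by the Intel flash descriptor at the start of the chip. As an added example (not code from this thread or from the Invisible Things paper), the Python below parses that descriptor to locate the ME region in a dump, using the documented FLVALSIG / FLMAP0 / FLREG layout that tools such as coreboot's ifdtool rely on. The 8 MiB image it runs against is constructed inline for illustration and is not a real flash dump; the region offsets chosen for it are arbitrary.

```python
import struct

FD_SIGNATURE = 0x0FF0A55A          # Intel flash descriptor signature ("FLVALSIG")
REGION_NAMES = ["Descriptor", "BIOS", "ME", "GbE", "Platform Data"]
FLREG_UNUSED = 0x00001FFF          # base 0x1FFF > limit 0 marks a region as absent


def find_descriptor(image: bytes) -> int:
    """Return the offset of the FLVALSIG word, or -1 if the image has none.

    Current images carry the signature at offset 0x10; very old layouts put it at 0x0,
    so both positions are checked.
    """
    for off in (0x10, 0x0):
        if len(image) >= off + 4 and struct.unpack_from("<I", image, off)[0] == FD_SIGNATURE:
            return off
    return -1


def parse_regions(image: bytes) -> dict:
    """Map region name -> (base, limit) byte addresses for every region the descriptor defines.

    FLMAP0 (the word after the signature) holds FRBA, the offset of the region table,
    in bits 23:16 in 16-byte units. Each FLREG word holds the region base in bits 12:0
    and the limit in bits 28:16, both in 4 KiB units; base > limit means "unused".
    """
    sig_off = find_descriptor(image)
    if sig_off < 0:
        raise ValueError("no Intel flash descriptor signature found")
    flmap0 = struct.unpack_from("<I", image, sig_off + 4)[0]
    frba = ((flmap0 >> 16) & 0xFF) << 4
    regions = {}
    for i, name in enumerate(REGION_NAMES):
        flreg = struct.unpack_from("<I", image, frba + 4 * i)[0]
        base = (flreg & 0x1FFF) << 12
        limit = (((flreg >> 16) & 0x1FFF) << 12) | 0xFFF
        if base > limit:
            continue                      # region not present on this platform
        regions[name] = (base, limit)
    return regions


def me_region_size(image: bytes) -> int:
    """Size in bytes of the ME region, or 0 if the descriptor declares none."""
    regions = parse_regions(image)
    if "ME" not in regions:
        return 0
    base, limit = regions["ME"]
    return limit - base + 1


def _flreg(base: int, limit: int) -> int:
    """Encode a (base, limit) pair as an FLREG word (inverse of the decode above)."""
    return (base >> 12) | ((limit >> 12) << 16)


def build_sample_image(size: int = 8 * 1024 * 1024) -> bytes:
    """Construct a synthetic SPI image with a descriptor at 0x10 (example data, not a real dump)."""
    img = bytearray(b"\xff" * size)       # erased flash reads as 0xFF
    frba = 0x40                           # hypothetical region-table offset
    struct.pack_into("<I", img, 0x10, FD_SIGNATURE)
    struct.pack_into("<I", img, 0x14, (frba >> 4) << 16)   # FLMAP0: FRBA in bits 23:16
    layout = [
        (0x000000, 0x000FFF),  # Descriptor
        (0x500000, 0x7FFFFF),  # BIOS
        (0x003000, 0x4FFFFF),  # ME
        (0x001000, 0x002FFF),  # GbE
    ]
    for i, (base, limit) in enumerate(layout):
        struct.pack_into("<I", img, frba + 4 * i, _flreg(base, limit))
    struct.pack_into("<I", img, frba + 16, FLREG_UNUSED)   # no Platform Data region
    return bytes(img)


if __name__ == "__main__":
    sample = build_sample_image()
    for name, (base, limit) in parse_regions(sample).items():
        print(f"{name:14s} 0x{base:06x}-0x{limit:06x}")
    print(f"ME region: {me_region_size(sample)} bytes")
```

Running this on a real dump (for example one taken with flashrom) shows how much of the chip the ME occupies and where it sits; note that the descriptor's access-permission bits on many stock boards stop the host from reading the ME region at all, which is part of why the quoted design wants the flash served from a device the owner controls rather than from a chip soldered to the board.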
