Clearly there’s demand for an Intel product with these features absent from the platform controller hub.
I acknowledge that hardware products take years to develop, and they already have a lot on their plate.
Perhaps Intel doesn’t care about consumer whims, but clearly there’s demand from companies like Google.
I’m just generally surprised at the lack of public-facing responses from Intel’s leadership around this and other security issues facing their platform. It all reads like lawyers trying to minimize their liability.
They’re one of the most important technology platforms today. Everything besides cellphones runs on Intel.
Despite actually being a monopoly or duopoly, they don’t have to be so stodgy. I want to love them for their profound impact these past few decades, but it’s hard when it feels like they don’t listen to their customers.
The remote access features are probably removed or disabled via microcode changes. As Purism referred to sourcing recent CPUs without vPro, they are either directly or indirectly getting those kinds of vPro-disabled variants.
I've been hearing about Intel’s Active Management Technology for years, but I'd like to see a demonstration of how an attack would work. I have an unused laptop with:
1. an Intel CPU that supports the vPro feature set
2. an Intel networking card
3. the corporate version of the Intel Management Engine (Intel ME) binary (well, definitely, a corporate laptop that used to get updates, but how do I check for ME?)
Is there a website I can visit that can initiate a remote takeover (I'm consenting to it)? Why isn't this possible? What other step is required on my side to make it possible? Is it possible only through the physical ethernet connection? Why aren't we seeing wide scale exploits based on AMT?
Absence of evidence is not the evidence for absence.
If the backdoor exists you will need to know a secret to open it. Currently, the public obviously doesn't know this secret or the doors would be wide open for virtually anybody. Because we don't know the secret key, we cannot open them to prove that they exist. So we don't know for sure if the backdoors exist. But the way the IME is designed and handled makes it possible and plausible that backdoors could exist. It's up to Intel to prove that they don't exist.
The odds of this being actively exploited by a nation state are higher than it not being exploited. It's too juicy of an attack target, while being almost universally deployed since 2008.
Even 14 years ago the FBI was using off cellphones as microphones, recording in-person conversations in a restaurant between some Mafia targets. It was acknowledged during a criminal trial, which means it was probably old-hat by then:
> Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off."
> He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone.
Getting access to laptops/PCs regardless of power state with long-term persistence and very low detectability, regardless of traditional OS monitoring, would be top of the list in terms of requirements for any intelligence agency.
The NSA doesn't need to know a backdoor exists in order to worry about one. The ME is infrequently exercised code with a large attack surface and highly privileged access. If you are security conscious and don't need the functionality it's quite logical to want to turn it off, whether you're the NSA or anybody else.
There have been two really severe AMT vulnerabilities (basically allowing complete takeover of the PC through the network). These have been patched and no widescale exploitation of them has been reported AFAIK. The other vulnerabilities essentially allow for a super-rootkit: if you can get arbitrary code execution in the AMT from the OS then you can escalate an exploit into a rootkit which is basically impossible to detect or remove, and this kind of exploitation has been seen in the wild.
> severe AMT vulnerabilities (basically allowing complete takeover of the PC through the network)
Does this mean when the PC was connected by ethernet cable? Even by wifi? The exploit could have worked by visiting an arbitrary website? With no click? (I’m not being skeptical. I just want to understand what’s required for the exploit to work.)
You don't even need to boot the machine much less go to a website.
One of them I think was actually a zero day, you could get up on shodan and find piles of machines that would just let you upload an ISO and boot whatever you wanted on them.
"... the fundamental rule of technological progress: if something can be done, it probably will be done, and possibly already has been."
-Edward Snowden (Permanent Record)
It's certainly one of those "acquired tastes", though like with 3.5mm elimination, I don't understand the sheer vitriol against it by those who happen not to use it. Why do you care? If everything else in Thinkpad appealed to you, why would an eminently ignorable feature be such a HUGE ("single reason") deal breaker?
In my mind, either a) There are other reasons and this is a convenient conscious or subconscious scapegoat; or b) it's an extremely emotional decision, and as such certainly relevant to holder ("Whatever floats your boat!":) but not necessarily applicable or translatable to anybody else.
I'd be curious (genuinely!) to hear more - were you actually tempted by any Thinkpads in the past but rejected them due to trackpoint, and if so can you elaborate why - what use case did they prevent or what inconvenience did they cause? Thx muchly! :)
Not much against nipple itself, but what about the TWO GIANT physical clicky buttons under the spacebar?
- extra accidental clicks
- steal of space from the touchpad
- more moving parts
- visual clutter
- undermine chassis rigidity
- add weight
- With touchscreen and a good touchpad, there's nothing that justifies its existence.
Oh yeah, they tried removing those in the _40 series (T440, T540, etc) a few generations ago. That went over well! :P
As I frequently mention in this context: You haven't lived until you've seen a highly paid security architect slam their laptop repeatedly in front of the client in frustration :P.
So they put them back in the _50 series and onward :).
Seriously, the generation was reviled and it was a complete rebellion to put them back. And with good reason.
The two "GIANT" (regular sized, but whatever:) physical clicky buttons are there for people who like physical clicky buttons. Which is a large portion of user base using ThinkPads / Latitude / Elitebooks. These laptops are tools of our trade and we use them at home at work on airplane in coffee shop in the park in the backyard in the bedroom everywhere. We have a fixation for functionality, for positive action and reliable feedback, not design/minimalism.
I have no fantasies that we'll agree, but wanted to provide a perspective to enhance understanding :)
Edit/Update upon thinking: I think indeed there's a market/product for both: people / companies who prefer minimalism (Apple laptops are really the sexiest epitomes of that design aspiration and I'll agree if sleek sexiness is an important criterion, nothing beats them:). And for people / companies who prefer modularity / functionality / expandability / power... I'd love to say that ThinkPads cater to that audience, but in reality they're becoming more like MacBooks - minimalism is clearly winning in the industry, even if there's a backlash in the hardcore but tiny communities :-/
At any rate, it seems we went from "Trackpoint is the single reason against Thinkpad" to "nothing much against trackpoint", which answers my original question I suppose.
The trackpoint is ugly. It's a giant throwback pimple in the middle of the keyboard, which there's no way to get around looking at all the time. Thinkpads being ugly is kind of their thing, so it doesn't surprise me that lots of Thinkpad people don't mind it or even see it as a plus, but to me seeing a trackpoint is like seeing a floppy drive. I used one for years, and I'm really happy that trackpads have gotten good enough that I'll never need to use one again.
Edit: display notches are actually probably a better comparison. They're ugly and even though I don't use it I can't get rid of it except by using hardware designed not to have it.
And "The trackpoint is ugly" is yours. At least he's talking about something relevant: usability. If you refuse to use a keyboard because it's "ugly", well, there's Apple for that.
But display notches obscure the display, they're a functional issue. There's literally a hole in the image. (I have a top centre notch, and curved corners, on my A70. When watching content, wherever possible I letterbox the corners and notch out so that I'm not missing any of the actual frame.)
Most typists aren't touching the nipple when they're typing, so is it an objection that's purely aesthetic, as opposed to notches?
My experience is absolutely not that most typists I know don't touch it accidentally, that sounds aspirational to me. It's definitely in the way and annoying if you're not thinking about it. Especially if you're doing something like video editing where you don't have your hands in the normal typing position. Or even in an IDE where you're back and forth to the trackpad a lot.
People who type a lot are super sensitive to changes in their keyboard, and this is a change to the keyboard. It's definitely both aesthetic and functional.
lol you’re downvoted but right. IBM had a lab to the west of Tokyo where lots of ThinkPads were said to have been born, so not just people like them but the same people make them.
FWIW - I think most of us who enjoy Thinkpads don't "see ugliness as a plus". Rather, we think it has a classic look, rather than fashionably sexy. And we do enjoy using the TrackPoint :-)
I was the same, but once I got used to it, it helps keep your hands almost always on the keyboard, and I really love it now. Whenever I use a different laptop these days, I instinctively search for the trackpoint.
Does this mean that Purism hardware won't support virtualization extensions? Seems like that would be a big downside, and would make it a non-starter for a lot of people (including myself).
The second sentence on Wikipedia says: When the vPro brand was launched (circa 2007), it was identified primarily with AMT, thus some journalists still consider AMT to be the essence of vPro.
(They have also added a small asterisk to the Purism article to clarify - I'm also just reading it now so don't know if it was there before)
vPro is a marketing label that can be applied to CPUs with all of the enumerated features. Those features can be present without having all of them present.
I would argue that the out of band management provided by DMTF DASH is closer to what people consider the Intel backdoor than the AMD PSP. The PSP cannot be accessed remotely and is only available locally which removes most of the attack surface.
Recent (1-2 years?) AMD BIOS supports disabling the Platform Security Processor (their ME equivalent).
I haven't been able to figure out what exactly this means, but it does seem to be disabled after system initialization. Kind of like Intel's HAP bit, except user-settable.
Thanks for that! This is quite relevant to me right now as I'm thinking about my next upgrade. Obviously, I'd prefer to buy AMD, especially if this disable switch is legit. But grotesquely, I'm still considering going with Intel, because at least I know I can use me_cleaner there, and more or less understand exactly what it does. Hopefully this document will clear some of that up.
Welp. Their response to Raptor in that thread just forever cost System76 my business.
System76 takes the position that compatibility with x86 binaries is worth having to take closed, remote-access-enabled, binary firmware. That's a position someone can take.
Responding "So what?" and "I was expecting this" is just nasty and unprofessional.
That's not System76's account. It's a personal account of one person who has a history of being harassed by Raptor. Raptor's tweets were from their official account, and your reaction was the exact goal of their antagonism.
It does read like that, but even so, the initial question from Raptor Computing Sys was very well worded and not disrespectful at all. The inability to at a minimum leave it as "We've covered this before, and disagree on some items. We'll have to agree to disagree and leave it at that." or even "I'm doing what I can, we'll see where it ends up in the end" or "See the official account for official statements" is the troubling part. Then again, that doesn't appear to be uncommon on Twitter, where everyone seems to have trouble disambiguating their professional and personal lives, and those of the people they are responding to (which is related).
was read as abrasive; that tweet can be read as a snarky attack that belittles the efforts of the porter, to which the "so what?" response is apt – in fact, a de-escalation.
And yet, in reality, it wasn't one. (This is why you assume good faith, people!)
> was read as abrasive; that tweet can be read as a snarky attack that belittles the efforts of the porter
I guess, because it allows for the chance that someone may not finish what they set out to do?
> to which the "so what?" response is apt – in fact, a de-escalation
"so what" is not a useful path to de-escalation. It's a way of saying "you've said your point and I don't think any of it applies, but I'm not going to explain why, nor even go to the length of explaining this to you, and instead respond with two words." It is, at its core, dismissive, and that's not a useful way to de-escalate (even though I admit some people seem to think it is). What people don't seem to understand is that colloquial speech used with a friend is often dismissive in exactly this way, on purpose, because when you can actually assume good faith because of lots of prior interactions, it speeds up communication.
> And yet, in reality, it wasn't one.
Yeah, as I noted above, it very rarely is. The only times I think it can be used safely are when the people in question know each other well enough to know the other person is not being condescending and dismissive, and even then it's easy to be interpreted as that when the discussion is heated. In those cases, it sometimes takes people cooling off to assess the conversation more rationally and see what's actually the more likely intent in the phrase.
> (This is why you assume good faith, people!)
Good faith is useful, and necessary, but it really works best when only a little faith is needed in the first place. Since you can only assume good faith for yourself, it's also in your own self interest to make sure you limit the ways in which your speech can be misinterpreted. Often that means being a bit more formal so misunderstandings based on tone and familiarity are more rare. That's a shame, because sometimes we want to show friendship through our words, but that's much harder to do in pure text. Smileys and emoticons can actually go a long way towards correctly communicating intent in these cases.
Sorry for the rant, I used this as a way to solidify some of my thinking on the subject. :)
You can easily use AMT on your own PCs, with fully open source software. Just go set a remote access password in your boot settings, and download control client from https://www.meshcommander.com/
The idea of gaining control of the management hardware like this is really exciting. Can anyone here comment on whether it could plausibly happen? I’m guessing it would require leaks from Intel because otherwise whoever develops the capability would presumably keep it close to the vest or sell it for major $ right?
I just mean, rather than leaving your computer with a powerful remote administration system un-configured & ready to go with a default password, provision it yourself, set the passwords, maybe even use it.
What are the odds that the chips that don't feature AMT/ME don't have it physically as opposed to it just being crippled in firmware? In which case if one is worried about government backdoors this should alleviate exactly zero concerns.
"with the intention of reverse-engineering the remaining parts"
this line strikes me as odd. Don't OEMs normally have a contract with Intel (or someone that does) for licensing the motherboard design that would prevent them from doing this?
I have no idea what the contracts say, but Purism seems to be comfortable operating "outside the system" so maybe they just won't have any contract with Intel.
Disabling is not removing. People have found motherboards that should ostensibly not support vPro (e.g. Asus gaming motherboards) that do report vPro ME functionality.
There is no reason to believe the software switch is working, especially when even a system integrator can accidentally enable the features. If someone wants them on they turn on.
Purism sells snakeoil. Presenting their offerings as FOSS-compatible would be honest. Claiming additional security is not.
It's not possible to remove, or at least account for all behavior of, the ME entirely until the BUP part is reverse engineered. You can't take that part out yet and have a working CPU as far as I understand.
I'm surprised you didn't mention the FSP which is a binary blob from Intel required to be run by any boot firmware (UEFI, Coreboot, or whatever) very early in the platform initialization process (to my understanding, basically as soon as possible after the reset vector, in the PEI phase) before anything is useable.
Baby steps. Don't let perfect be the enemy of good. Success here could indicate to CPU vendors there are people who care about these things.
I know it isn't possible. Half measures are attractive short term but can serve to normalize failure, as is currently happening. Most people I know view Purism favorably and think it has actually made ME irrelevant. It hasn't, all the hardware is still there and can be enabled. You still are not the de facto owner of the machine.
I agree, but it's not like they've given up. They're still working on it, and hope to find a way to permanently remove all the software that enables it, and run their own software instead. Whether or not they'll eventually be successful is of course an open question.
The alternative, at least right now, is that Purism doesn't sell any hardware at all, goes out of business, and then there's no one working credibly on this. That would be an even worse failure, IMO.
"We released a petition for, and continue to work with Intel to free it entirely (what Intel is calling a “ME-less” design)."
Do you have a better solution than trying to neutralise it + starting a petition + talking with Intel to remove it?
If you want to criticize brands for selling privacy snakeoil, and not making you "the de facto owner of the machine" then we should address your criticism at Apple, not Purism
Well, if ME was activated by the byte sequence PLEASE_ENABLE_ME_42 being present in RAM, which caused it to look for the Firefox / Chrome network stack in memory and use that to send passwords to Intel…
If it has no NIC access and the OS doesn't have access to it because it's not hanging on PCIe anymore, so if it's only there for system bringup, it's essentially sealed off from the world.
That’s a useless definition of “removed”; using that definition, ME can never be “removed” at all! But that’s not what we’re talking about here. A more useful definition would be to use “removed” as in “not a security problem anymore”.
that's like saying having a flimsy house door lock lying in your kitchen drawer is a security problem.
you have hardware on the cpu no longer accessible by software. you have a mellanox network card the me can't talk to. it's there, in the kitchen drawer. it's no longer in the door -so not a security problem.
the 'issue' requires physical access to the machine, and for you to be logged in with an admin account. if someone is physically sitting next to your server and logged in as root, you have no security anymore. they don't need to break into anything, they can just run what they want already.
someone is in your car with keys in the ignition. you're saying they can steal your car by hacking the entertainment system because it's insecure.
No, this is more akin to having a flimsy plywood door with a plastic lock right next to your real one but acting like you've solved the issue by taping a "please don't use" sign over it.
Intel ME is still there. It is still potentially remotely configurable and remotely updateable. That those features are not advertised is irrelevant, they can be assumed to be there or easily added.
'It is still potentially remotely configurable and remotely updateable.'
and there's the issue. it is literally not remotely anything, since in the stated configuration it is not possible to get to it unless you are physically sitting at your computer and logged in. you are making stuff up and saying the thing you made up is dangerous.
Sure, but not using an Intel NIC is supposed to make it already not remote accessible, without all this work.
If ME is still involved in the system, it can still act as an undetectable permanent implant/rootkit, you just need to burn one 0day to reach it by breaking into the x86 part first.
Even if they are not yet 100% sure, it's still far better than any other laptop from any other brand who don't even bother trying to do anything about it
Unfortunately the same business types who demanded such a ridiculous self-own as an integrated CPU-level backdoor also pressured AMD into shipping the same thing. And we know less about the AMD PSP than we do about Intel ME.
ARM is no better, either, at least in practice. Their relatively friendly licensing terms would allow a vendor willing to make their own silicon in volume to ship a no-TrustZone, no-Secure-Boot SOC. However, nobody does this. In fact, moving to ARM has traditionally been used as an excuse to lock out third-party operating systems and unlicensed software. (Remember Windows RT tablets?)
I've been able to make the adjustment by buying something with a slightly larger display. A 13" 16:10 display is comparable to 14" 16:9. At 1080p/1200p you lose some vertical pixels and a very tiny amount of physical vertical length, but you gain horizontal pixels and length, along with potentially more ports.
This was my recent experience choosing between a new XPS 13 or a T14s amd. Side by side the screens weren't that different. Port selection, keyboard quality, and trackpoint availability were the tiebreakers in favor of the Thinkpad. (Didn't care much about the performance difference due to my light use case.)
I can't really stay productive on anything less than 15". Right now I'm currently enjoying this year's lineup of 17" laptops whose body is basically what a 15" was some years ago. I do graphics and sound production aside from programming so I'm really enjoying the extreme screen-to-body ratios. Vapor chamber cooling is also a nice addition.
But the thing that really gets me is the 16:10 resolution, I could personally never go back after using it, it just feels correct (to me).
> I can't really stay productive on anything less than 15".
Agreed. Without a dock/external monitor 13" and 14" are really not the sizes one should focus on for productivity, except in short bursts. 16:10 really makes an impact on displays smaller than 17". It took serious justification for me to give up the XPS 13" 16:10 display in favor of a 16:9 14" laptop. I absolutely would not have chosen a 13" 16:9 display because of how big of a net loss it is.