Clearly there’s demand for an Intel product with these features absent from the platform controller hub.<p>I acknowledge that hardware products take years to develop, and they already have a lot on their plate.<p>Perhaps Intel doesn’t care about consumer whims, but clearly there’s demand from companies like Google.<p>I’m just generally surprised at the lack of public-facing responses from Intel’s leadership around this and other security issues facing their platform. It all reads like lawyers trying to minimize their liability.<p>They’re one of the most important technology platforms today. Everything besides cellphones runs on Intel.<p>Despite actually being a monopoly or duopoly, they don’t have to be so stodgy. I want to love them for their profound impact these past few decades, but it’s hard when it feels like they don’t listen to their customers.
I've been hearing about Intel’s Active Management Technology for years, but I'd like to see a demonstration of how an attack would work. I have an unused laptop with:<p>1. an Intel CPU that supports the vPro feature set<p>2. an Intel networking card<p>3. the corporate version of the Intel Management Engine (Intel ME) binary (well, definitely, a corporate laptop that used to get updates, but how do I check for ME?)<p>Is there a website I can visit that can initiate a remote takeover (I'm consenting to it)? Why isn't this possible? What other step is required on my side to make it possible? Is it possible only through the physical ethernet connection? Why aren't we seeing wide scale exploits based on AMT?
Purism just needs TrackPoint and thicker keyboards, and I can upgrade my stockpile of ThinkPads. :) <a href="https://www.neilvandyke.org/coreboot/" rel="nofollow">https://www.neilvandyke.org/coreboot/</a>
> <i>We choose Intel CPUs that do not have vPro</i><p>The Wikipedia article they link about vPro says:<p>> <i>Intel vPro technology ... [includes] VT-x, VT-d...</i><p>Does this mean that Purism hardware won't support virtualization extensions? Seems like that would be a big downside, and would make it a non-starter for a lot of people (including myself).
What are the odds that the chips that don't feature AMT/ME don't have it physically as opposed to it just being crippled in firmware ? In which case if one is worried about government backdoors this should alleviate exactly zero concerns.
Another vector for attack is shipping. Do you trust that this won't be intercepted and "customized" on its way to your address from the factory?
"with the intention of reverse-engineering the remaining parts"<p>this line strikes me as odd. Don't OEMs normally have a contract with Intel (or someone that does) for licensing the motherboard design that would prevent them from doing this?
Disabling is not removing. People have found motherboards that should ostensibly not support vPro (e.g. Asus gaming motherboards) that do report vPro ME functionality.<p>There is no reason to believe the software switch is working, especially when even a system integrator can accidentally enable the features. If someone wants them on they turn on.<p>Purism sells snakeoil. Presenting their offerings as FOSS-compatible would be honest. Claiming additional security is not.