Domain: libreboot.org
Stories and comments across the archive that link to libreboot.org.
Comments · 77
-
Re:Why pay to lose your privacy
It never made any sense to me why you would pay for hardware just to lose your privacy.
If you choose the Chromebook c201, it can increase your privacy since it can run libreboot to replace the Intel ME. The firmware is protected by a physical screw so it can be software flashed. Then it can run Debian, Devuan, Parabola etc.
-
Re:Thanks for the value Dell!
That's neat, I was not aware of ATF. However, since I'm not sure whether you're commenting on PSP as well, or just TrustZone, I'll elaborate on my prior post.
PSP (now ASP, actually -- wasn't aware of the name change) makes use of TrustZone.
The Platform Security Processor (PSP) is built in on all Family 16h+ systems (basically anything post-2013), and controls the main x86 core startup. PSP firmware is cryptographically signed with a strong key similar to the Intel ME. If the PSP firmware is not present, or if the AMD signing key is not present, the x86 cores will not be released from reset, rendering the system inoperable.
The PSP is an ARM core with TrustZone technology, built onto the main CPU die. As such, it has the ability to hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, login data, browsing history, keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM "features" to work as intended), which means that it has at minimum MMIO-based access to the network controllers and any other PCI/PCIe peripherals installed on the system.
So, as I said, PSP (neigh ASP) is AMD's version of Intel's ME and is based on ARM TrustZone. It's literally an ARM core with TrustZone that manages the boot process and provides various out-of-band features separate from the x86 cores.
You are correct, though, that TrustZone is something completely different; but AMD's PSP (ASP) relies on TrustZone. I did misunderstand how much of that functionality came from TrustZone so, thank you for the additional info.
-
Re:does AMD have this sort of feature?
Yes, it's called a "Platform Security Processor".
-
Re:Give me the list of impacted hardware
AMD has shared the same vulnerabilities as Intel since 2013 due to the AMD Platform Security Processor.
The libreboot project recommends avoiding all modern AMD hardware. If you have an AMD based system affected by the problems described below, then you should get rid of it as soon as possible.
The PSP is an ARM core with TrustZone technology, built onto the main CPU die. As such, it has the ability to hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, login data, browsing history, keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM "features" to work as intended), which means that it has at minimum MMIO-based access to the network controllers and any other PCI/PCIe peripherals installed on the system.
In theory any malicious entity with access to the AMD signing key would be able to install persistent malware that could not be eradicated without an external flasher and a known good PSP image. Furthermore, multiple security vulnerabilities have been demonstrated in AMD firmware in the past, and there is every reason to assume one or more zero day vulnerabilities are lurking in the PSP firmware. Given the extreme privilege level (ring -2 or ring -3) of the PSP, said vulnerabilities would have the ability to remotely monitor and control any PSP enabled machine completely outside of the user's knowledge.
-
Re:More questions
Older AMD CPUs (read: Phenom 2 and earlier) do not have any kind of management processor. I don't know about the desktop versions of the earthmover cores (the FX-series), but a fair few of the mobile chips (the A-series) have it.
The FX series don't have it, as they are family 15, and the PSP is only there starting from family 16: https://libreboot.org/faq.html... I think you can continue to buy FX CPUs for a while, as the (Ry)?Zen series is only now starting to make an impact in the marketplace.
-
Re:More questions
Older AMD CPUs (read: Phenom 2 and earlier) do not have any kind of management processor. I don't know about the desktop versions of the earthmover cores (the FX-series), but a fair few of the mobile chips (the A-series) have it (https://hothardware.com/reviews/amd-beema-and-mullins-mainstream-and-lowpower-2014-apus-tested?page=2 and http://www.tomshardware.com/reviews/amd-tablet-processor,3813-2.html). Ryzen most definitely has this, and makes heavy use of it (http://techreport.com/review/32125/amd-epyc-7000-series-cpus-revealed).
The code for the Intel management processors is stored on the mainboard's flash chip. Intel's version is surprisingly modular and it's possible to remove at least some of the components (https://github.com/corna/me_cleaner). Note that said management processor has some rather strong self-preservation instincts and won't allow anything to write to its region of flash memory. Since it (not your x86 chip) is the true master of "your" computer, this means that you need to yank the power cable and program the flash chip directly using a Beaglebone or Raspberry Pi and a SOIC clip (https://libreboot.org/docs/install/rpi_setup.html). Annoying, but doable.
I do not know how AMD CPUs store the code for their management processor, but I'd guess that it's done in a similar manner to the Intel CPUs - in a region of the motherboard's flash memory. I don't know of any investigations into it yet, but one advantage you have there is that it's an ARM processor and as such there are a lot of very mature debugging and disassembly tools which can be used to investigate the code. Additionally, AMD uses the Trustonic codebase for their management processor (https://www.trustonic.com/news/company/amd-licences-trustonic-trusted-execution-environment/), which I've seen before in phones and was very modular with each "trustlet" (separate tasks dealing with things like kernel integrity monitoring, OAUTH tokens, or Widevine DRM) being a separate file on the filesystem - if this is the case on Ryzen, it might be possible to remove some of the more offensive components with minimal effort.
-
Libreboot says this Intel stuff killed Libreboot
Well killed them on Intel according to their FAQ
https://libreboot.org/faq.html...
-
Re:Fuck these Intel chips. Buy from AMD.
>>AMD has similar features in theirs as well.
>Do you have any evidence of this? I'd like to learn more about that
>A link or two would be nice.
Platform Security Processor (PSP); it is exactly the same as Intel's backdoor: hardware based, secret, non-controllable.
https://hothardware.com/news/a...
https://www.techpowerup.com/23...
-
Re:Discussion of the issue is a total waste
Regardless, the government will just have keyloggers built into the BIOS. The manufacturers are the weak link here.
Keyloggers are a well-known problem, and one which security solutions are designed to mitigate. U2F was designed to be secure with a keylogger installed (because spyware is a thing). There are completely open, easily manufactured designs of U2F keys.
GPG cards similarly have an open design, and are designed such that the keys can't be recovered from the device -- and the critical decryption is done on the GPG card.
There's also Coreboot, Libreboot, and OpenFirmware before that -- all open source BIOSes you can audit and compile yourself.
Electronics hobbyists design entire computers -- from PC board design and manufacture (at home) all the way to working Linux computers with internet access. Completely from scratch.
The reality is that the skills and tools to bypass such spying is common, widespread, and well published. Many who have the skills are thrilled when somebody shows an interest in their hobby, and eagerly assist anyone who asks.
-
Re:When will be free of the Overlords?
Then let it be known that the macbook1,1 and 2,1 can run libreboot instead of EFI.
-
Obligatory: Intel CPU Backdoor Report (May 5 2017)
The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.
What we know about Intel CPU backdoors so far:
TL;DR version
Your Intel CPU and Chipset is running a backdoor as we speak.
The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.
30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
[Quotes] Vortrag:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."
"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."
"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."
"We can permanently monitor the keyboard buffer on both operating system targets."
Backdoor removal:
The backdoor firmware can be removed by following this guide [github.io] using the me_cleaner [github.com] script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.
Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort. If you are skilled in these areas, download Intel ME firmwares from this collection [win-raid.com] and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).
Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software
1. Introduction, what is Intel ME
Short version, from Intel staff:
Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM
The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.
Long version:
The Intel Management Engine (ME) is a separate computing environment physically loca
-
Re:What I Can't Understand
He meant AMD's Platform Security Processor, not the Playstation Portable.
-
Obligatory: Intel CPU Backdoor Report (May 5 2017)
The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.
What we know about Intel CPU backdoors so far:
TL;DR version
Your Intel CPU and Chipset is running a backdoor as we speak.
The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.
30C3 Intel ME live hack:
[Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
@21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Quotes] Vortrag:
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker."
"We can permanently monitor the keyboard buffer on both operating system targets."
Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.
Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort. If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).
Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software
1. Introduction, what is Intel ME
Short version, from Intel staff:
Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM
The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.
Long version:
The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or
-
Re:Competition is great . . . for us.
Reminding people of the IME won't do AMD any good, as they implement their own version of it called the AMD Platform Security Processor (PSP) that's just as bad.
-
Re:Baddly worded summary
You are thinking Intel's Management Engine, normally called ME. I didn't want to play that game, but I wasn't willing to switch to ARM to avoid playing that game.
The AMD version is the Platform Security Processor (PSP, not to be confused with Sony's portable offering).
Both are bitched about by libreboot here:
https://libreboot.org/faq.html
AMD is on record as considering looking at the PSP and making it optional or open. Intel lurves their ME and has no plans to do anything with it except continue to make it mandatory. All x86 processors for at least the last half-decade have it built in. There are some few motherboards where the ME can be disabled or at least crippled, assuming you have access to some hardware bullshit and plenty of spare time. There may be equivalents on AMD but I think it is unlikely- Intel chips are happy to boot up for half an hour, AMD chips won't even release cores from reset until their One Ring has control, and has in the darkness bound them.
http://hackaday.com/2016/11/28...
If you are concerned about this- and you personally are- I suggest a router not made by any of the major manufacturers (so some of them), and not running x86 (so, almost all of the remaining ones) set to default-deny incoming junk (all of them). I also suggest making sure that your actual network connection is not one that is glued to the motherboard, or is generally considered incompatible in some way (like a pci-e card), as that will minimize the likelihood that the ME/PSP can actually use the network without your help. I assume that any theoretically extant ME/PSP backdoor would most likely rely on an actual packet of some sort being delivered to the PC, as other methods (scan RAM for fixed value, watch for magic opcode, etc) would have both false positive possibility and not be as reliable against whatever targets would be tasty for a theoretical backdoor.
But frankly, until the PSP or ME can be safely disabled, you aren't going to get away from this "paranoid" concern completely on modern x86.
-
Re:Interesting.
Yes and no. Yes that was the one where Libreboot sent a letter to AMD but it's actually not the one I'm thinking about. There have been a few articles on /. on the Intel side of things with lots of useful stuff about AMD's versions in the comments. That's what got me looking into it in the first place. I think it was in 2015 or 2014.
It would make a good Ask Slashdot, but I wouldn't quote me. I'm just some random nobody. Better to start with Libreboot FAQ if you're going to quote something:
https://libreboot.org/faq.html...
-
Re:This is why BLOBs are a bad idea
-
Re: So, it's not only the Russians that hack, huh!
-
Obligatory: Intel CPU Backdoor Alert
Intel CPU Backdoor Alert (Updated Mar 12, 2017)
The goal of this report is to make the existence of Intel CPU backdoors a common knowledge.
What we know about the Intel backdoor so far:
TL;DR version
Your Intel CPU and Chipset is running a backdoor as we speak:
The backdoor hardware is inside the CPU/Bridge and the backdoor firmware is in the chipset flash chip (Intel Management Engine).
ccc.de: "Our presentation covers a DMA malware that benefits from an isolated network channel to update the attack code and to exfiltrate captured data. To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."
30C3 Intel ME live hack, @21m43s, keystrokes leaked from Intel ME outside the OS, wireshark cannot detect packets:
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal is tricky and requires a Raspberry Pi (with GPIO pins) and a SOIC clip.
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort. If you are skilled in BIOS/Firmware, download some of the Intel ME firmware from this collection and have a go at it (Intel used various decode counter measures, explained below).
Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
1. Introduction, what is Intel ME
Short version, from Intel staff:
Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM
The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.
Long version:
The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the networ
-
Re:Personally I will wait
Does AMD have anything like the dreaded Intel Management Engine hardware Trojan?
Yes. AMD Platform Security Processor.
The Platform Security Processor (PSP) is built in on all Family 16h + systems (basically anything post-2013), and controls the main x86 core startup. PSP firmware is cryptographically signed with a strong key similar to the Intel ME. If the PSP firmware is not present, or if the AMD signing key is not present, the x86 cores will not be released from reset, rendering the system inoperable.
The PSP is an ARM core with TrustZone technology, built onto the main CPU die. As such, it has the ability to hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, login data, browsing history, keystrokes, who knows!).
Personally I think IME/PSP would be great things to have: if I could set a jumper and burn my own firmware image and signature verification key, then unset the jumper.
Too bad that's not happening...
-
Backdoor in all Intel CPUs
True, every Intel and AMD chip has a hardware backdoor in it called the Intel Management Engine; it's not even x86, it's an ARC/RISC chip and runs Java, operating completely transparently to the OS.
The Intel ME firmware is inside the chipset so you can't even flash it with a BIOS upgrade; you have to buy a Raspberry Pi and use its GPIO to manually remove the backdoor firmware: use a clip to grab the chipset, download the ROM, remove Intel ME from the ROM with me_cleaner, then flash it back to the chip.
https://libreboot.org/faq/#intelme
Intel Management Engine (ME) #intelme
In Q3 2009, the first generation of Intel Core i3/i5/i7 (Nehalem) CPUs and the 5 Series Chipset family of Platform Controller Hubs, or PCHs, brought a more tightly integrated ME (now at version 6.0) inside the PCH chip, which itself replaced the ICH. Thus, the ME is present on all Intel desktop, mobile (laptop), and server systems since mid 2006.
The ME consists of an ARC processor core (replaced with other processor cores in later generations of the ME), code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through an Intel Gigabit Ethernet Controller. Its boot program, stored on the internal ROM, loads a firmware "manifest" from the PC's SPI flash chip. This manifest is signed with a strong cryptographic key, which differs between versions of the ME firmware. If the manifest isn't signed by a specific Intel key, the boot ROM won't load and execute the firmware and the ME processor core will be halted.
Worse, PowerShell has an API to connect to the firmware; all a hacker needs to do is tap into PowerShell and he'll instantly have KVM access and complete memory and disk control, as demonstrated by the video below:
It's a sign of the times: the first day of the 33rd Chaos Communications Congress (33C3) included two talks related to assuring that your own computer wasn't being turned against you. The two talks are respectively practical and idealistic, realizable today and a work that's still in the idea stage.
Untrusting the CPU
A proposal for secure computing in an age where we cannot trust our CPUs anymore
You can't trust your CPU anymore, it's rigged with an NSA backdoor.
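The comment above describes the clip-and-dump route (read the SPI chip externally, run me_cleaner, write it back), and the quoted FAQ text explains that the ME's firmware lives in a region of that same SPI flash that the descriptor at the start of the chip points to. What both leave out is how you tell whether a dump is good before you trust it, and how a tool like me_cleaner finds the ME region at all. The script below is an added example, not code from the comment, from libreboot, from flashrom or from me_cleaner. It implements the pre-flash checks a practitioner actually runs (two reads must match, the image must be a full chip, the Intel Flash Descriptor signature must be present, the descriptor must define an ME region, and that region must begin with a `$FPT` partition table) and it parses the descriptor's region table the way me_cleaner does. Assumptions: the descriptor signature `0x0FF0A55A` at offset 0x10, FLMAP0 at 0x14 with the region-table base in bits 23:16, 15-bit base/limit fields in each FLREG entry, and the five classic regions in the order Descriptor, BIOS, ME, GbE, PDR. The sample image is constructed in the script; no real dump is included.

```python
"""Pre-flash sanity checks on an SPI dump and descriptor region parsing.

Added example for this page; not code from me_cleaner, flashrom or libreboot.
Layout assumptions (Intel Flash Descriptor, pre-Skylake style):
  0x10  signature 0x0FF0A55A
  0x14  FLMAP0, bits 23:16 = FRBA (region table base, in 16-byte units)
  FRBA  five FLREG entries: Descriptor, BIOS, ME, GbE, PDR
        base  = (flreg & 0x7FFF) << 12
        limit = ((flreg >> 16) & 0x7FFF) << 12 | 0xFFF
        base > limit marks an unused region
"""
import struct
import sys
from typing import Dict, List, Optional, Tuple

IFD_SIGNATURE = 0x0FF0A55A
REGION_NAMES = ("Descriptor", "BIOS", "ME", "GbE", "PDR")
FLREG_UNUSED = 0x00007FFF            # base 0x7FFF000 > limit 0xFFF


def parse_flash_regions(rom: bytes) -> Dict[str, Tuple[int, int]]:
    """Return {region: (base, limit)} for every region the descriptor marks as used."""
    if len(rom) < 0x60:
        raise ValueError("image too small to hold a flash descriptor")
    (sig,) = struct.unpack_from("<I", rom, 0x10)
    if sig != IFD_SIGNATURE:
        raise ValueError("no Intel flash descriptor signature at 0x10")
    (flmap0,) = struct.unpack_from("<I", rom, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) << 4
    regions = {}
    for i, name in enumerate(REGION_NAMES):
        (flreg,) = struct.unpack_from("<I", rom, frba + 4 * i)
        base = (flreg & 0x7FFF) << 12
        limit = ((flreg >> 16) & 0x7FFF) << 12 | 0xFFF
        if base > limit:                      # unused region
            continue
        regions[name] = (base, limit)
    return regions


def check_dump(rom: bytes, second_read: Optional[bytes] = None) -> List[str]:
    """Return the problems found; an empty list means the dump looks safe to work on."""
    problems = []
    if second_read is not None and second_read != rom:
        problems.append("two reads of the chip differ: bad clip contact or unstable SPI")
    if len(rom) == 0 or len(rom) & (len(rom) - 1):
        problems.append("size %#x is not a power of two (partial read?)" % len(rom))
    if rom == b"\xFF" * len(rom):
        problems.append("image is all 0xFF: the chip was not actually read")
    try:
        regions = parse_flash_regions(rom)
    except ValueError as exc:
        problems.append(str(exc))
        return problems
    me = regions.get("ME")
    if me is None:
        problems.append("descriptor defines no ME region")
        return problems
    base, limit = me
    if limit >= len(rom):
        problems.append("ME region extends past the end of the image")
    # A real ME region starts with a Flash Partition Table; me_cleaner looks for
    # the "$FPT" marker at offset 0x10 (older firmware) or 0 of the region.
    if rom[base + 0x10:base + 0x14] != b"$FPT" and rom[base:base + 4] != b"$FPT":
        problems.append("ME region does not start with a $FPT partition table")
    return problems


def build_synthetic_rom(size: int = 0x40000, with_me: bool = True) -> bytes:
    """Constructed 256 KiB image: descriptor at 0, ME at 0x1000, BIOS at 0x20000."""
    rom = bytearray(b"\xFF" * size)
    struct.pack_into("<I", rom, 0x10, IFD_SIGNATURE)
    frba = 0x40
    struct.pack_into("<I", rom, 0x14, (frba >> 4) << 16)      # FLMAP0: FRBA only

    def flreg(base: int, limit: int) -> int:
        return ((limit >> 12) << 16) | (base >> 12)

    entries = [
        flreg(0, 0xFFF),                                       # Descriptor
        flreg(0x20000, size - 1),                              # BIOS
        flreg(0x1000, 0x1FFFF) if with_me else FLREG_UNUSED,   # ME
        FLREG_UNUSED,                                          # GbE
        FLREG_UNUSED,                                          # PDR
    ]
    for i, value in enumerate(entries):
        struct.pack_into("<I", rom, frba + 4 * i, value)
    if with_me:
        rom[0x1010:0x1014] = b"$FPT"                           # FPT marker
    return bytes(rom)


if __name__ == "__main__":
    # Usage: python ifd_check.py dump1.bin [dump2.bin]; no args runs the synthetic image.
    if len(sys.argv) > 1:
        first = open(sys.argv[1], "rb").read()
        second = open(sys.argv[2], "rb").read() if len(sys.argv) > 2 else None
    else:
        first = second = build_synthetic_rom()
    for name, (lo, hi) in sorted(parse_flash_regions(first).items(), key=lambda r: r[1]):
        print("%-10s %#08x-%#08x" % (name, lo, hi))
    print("problems:", check_dump(first, second) or "none")
```

On a real board the two inputs are two consecutive `flashrom -r` dumps taken through the clip; if `check_dump` reports anything, fix the read before touching me_cleaner, because a corrupt dump written back is the usual way these procedures brick a machine. The region table is also what tells you whether the chip you clipped is the one holding the ME at all: on boards with two SPI chips, the descriptor and ME may sit on the other one.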
-
Re:Just unlocked CPU multipliers...
I applaud your criticism of management co-processors (Intel vPro, Intel ME, Intel AMT, AMD PSP) as while they may have a place in the enterprise world (assuming those IT techs can secure them properly) they are an anathema to home users. I don't support the idea that we all have to be lumped with these back-doors to our systems and believe we should all be able to either choose CPUs that lack them, or disable them entirely (motherboard jumper anyone?) as we wish. Of course I'm voting with my wallet, but the options are shrinking year by year...
Can you expand on why you think Intel is the lesser of two evils here?
For those unsure of what this is about, there is a discussion here and some really good info here. But look out for Leah Rowe at that last link: that bitch be crazy!! [Citation]
-
Re:You don't know how hormones work, do you?
Leah's own post says it was because of the dismissal, not the bullying.
Bullying is mentioned 4 times in the article. Fired is mentioned 16. Continuing:
Leah Rowe, libreboot's main developer and founder, is a transgender woman herself, and several transgender people have contributed to the libreboot project. What the FSF has done is truly disgusting, so Libreboot voluntarily left the GNU project in protest. GNU is funded in large part by the Free Software Foundation. We will not name the person who was fired, for their privacy and safety.
She says right there she left in protest for "what the FSF has done." I.e., fired a transwoman under what she claims (without evidence) was retaliatory. In addition, as mentioned above she does not speak for Libreboot, she merely has control of the website and is acting as a gatekeeper. This is a standard tactic for these authoritarian marxists -- see also the disaster that was Mighty Number 9's Dana for another good example.
In addition, in what universe is "sound familiar" a stereotyping race trigger? You unhinged loon, do you literally see racism everywhere you look!?
It's a reference to how this kind of social justice faux outrage always goes. Wild accusation, no evidence, demands for evidence are ignored or interpreted as harassment / trolling / "sea lioning," demands for some form of reparations, usually in the form of control.
So... the title is accurate and you're full of snot.
Also, you need to get caught up on your lingo. The term "Fake News" is already on its way out because it turns out that journalists live in some very thinly paned glass houses indeed.
-
Re:EMACS Virgins? I am an EMACS Virgin. So what?
You're apparently not reading the right links. : https://libreboot.org/gnu/ [libreboot.org]
-
Re:Melodrama
Uh, no. That's not what this about. : https://libreboot.org/gnu/ [libreboot.org] Try reading before speaking.
-
Re:How to get it in future? Where is it lodged?
Did you actually read this? https://libreboot.org/gnu/ [libreboot.org] Because the allegations aren't even remotely vague. They are very specific.
-
Re:You don't know how hormones work, do you?
No, he set out to deliberately mislead. Compare his text to the content of the links - they are either shitty Reddit posts on well known troll boards, or they don't support what he is claiming at all.
Since I doubt you're claiming that the Linux subreddit, the Libreboot developer, or the GNU mailing list are troll boards, I'm presuming you're talking about KiA.
I'd like to refer everyone to that KiA post again, as it's better cited than anything else I've seen on the topic:
https://www.reddit.com/r/Kotak...
Does this look like trolling to you? Archived links to primary sources? Really?
Are any of the links I quoted earlier divergent from my claims? That's apparently your claim. Which ones?
I was even called out for literally quoting Rowe's claims of "transphobia" because apparently quoting that word is "scare quotes," despite the term "transphobia" having a shifting definition that amounts to "anything that a Transgendered individual doesn't like."
You know why it's best to "scare quote" that term? Because without any context it can mean actual transphobia -- firing someone for their Gender Dysphoria -- or it can mean something as benign as refusing to use some made up fake pronouns or suggesting there are only two genders. This muddying of the water is intentional -- motte and bailey again.
We don't know what "transphobia" happened there, because there's no evidence about anything that's happened in this event. As far as we can know, the "transphobia" was firing an underperforming person who just happens to have Gender Dysphoria -- as you can't be Transgender without Gender Dysphoria -- under the theory that Transmen and Transwomen deserve special exceptions to the rules. I.e., the transphobic act was firing this dev, for any reason.
Which brings us back to the original topic. Contrast the above with the pile of very specific and legally actionable claims that the original claimant, one Leah Rowe, makes.
https://libreboot.org/gnu/
There is exactly 0 evidence, 0 citations on this page. None. NONE.
Which one looks more like trolling, the one with 6 primary source citations, or the one that goes on for pages making vague claims of undefined wrongdoing, including directly accusing three people of violations of labor laws.
In fact, just noticed that in my re-reading. Here's that relevant part with the names removed.
The following people should either resign and/or be fired from the FSF, to be replaced by other people:
X - executive director - the one who fired the employee
Y - outreach and communication coordinator - the bully
Z - system administrator - leaked private emails to X, which led to the employee being fired.
I would like to put forth a different explanation of what happened, which is just as valid as Leah's based on having the same amount of evidence for it.
The employee in question was sending emails they should not have been. We could speculate on what they are -- harassment, threats, some form of slurs -- but it doesn't matter. The system admin did an investigation of said user's email -- no doubt after an investigation request by Human Resources -- and sent the information to HR. HR then recommended termination, which the executive director followed through with.
Does that sound a bit more reasonable than "it's all a conspiracy because the biggest open source organization in the world just hates transgendered people?" The same one that just happened to be the target of several faux outrage attempts (Sarah Sharp's fainting couch moment, the Ada Institute's attempt to fake a rape hoax against Linus, etc) in the past few years? Really?
In the end I refuse to "listen and believe" -- translating from neo-leftist doublespeak, I refuse to ignore due process and t
-
Why am I not surprised..
that it looks like the GNU has serious issues with bullying and harassment and RMS claiming credit and taking control of projects against the wishes of the ones who actually wrote the thing.
I've said it before and I'll say it again, the RMS fanboys can mod me down all they want but while RMS was integral to the early days today he hurts free software more than he helps and the older he gets the more out of touch and radicalized he gets and the more of an embarrassment he becomes. If free software has to have a figurehead? Make it Torvalds or ESR, Stallman has sadly become the maladjusted stereotype that makes free software look like some Mickey Mouse idea run by nutters.
-
Re:How to get it in future? Where is it lodged?
Also there is more information as to why libreboot left the GNU. From their site - 'Libreboot left GNU on 2016-09-15, in protest of transgender discrimination at the FSF'.
Having read it... That's... an interesting interpretation of events. You'll note the complete lack of evidence in it? That's important.
Here's what actually happened, based on what evidence I could find. Leah Woods is a SJW who had a fit because of some made up bullshit that boils down, like all made up SJW bullshit, to "Open Source is a meritocracy, but we still want special treatment."
Here's a well sourced discussion on it on Kotaku In Action, the GamerGate reddit board:
https://www.reddit.com/r/Kotak...
And some discussion over on reddit's linux board:
https://www.reddit.com/r/linux...
Basically, Leah Rowe had a fit because the FSF parted ways with a transgendered employee.
Leah makes the unfounded claim that the FSF did this because the person has a mental illness (gender dysphoria / gender identity disorder), because someone wrote criticism of said person with mental illness which looked bad on the FSF, etc. She provides no evidence of these VERY specific claims.
http://archive.is/iXIbc
The FSF makes a statement on 9/16 pointing out that they have strong anti-harassment and anti-discrimination policies, as well as a so called "safe space policy" at FSF events. In other words, they have already capitulated to all the standard Regressive Leftist demands. They deny the accusation and say the person with mental illness was terminated for other reasons.
https://archive.is/HGLMa
Leah specifically follows up this claim here, changing her claim to a different claim that two FSF employees were "transphobic" and "bullying" this mentally ill developer. She namedrops these two people, but refuses to namedrop the supposed victim, believing they deserve protection from any criticism or questioning of these claims. Note that this apparently does not apply to the two men she is accusing without any form of evidence of unprofessional and possibly illegal behavior.
https://archive.is/7cXtw#selec...
She follows this up with more increasingly unhinged spam and unfounded accusations. She ignores, bans, or curses out people requesting evidence or disputing her one woman lynch mob. She posts an unhinged screed on her website showing she has little to no understanding of open source, all while repeating the same unfounded claims, as well as claiming martyrdom on her part.
https://archive.is/JmiTG
It's important to note that Libreboot is a fork of Coreboot and being part of the GNU project means it was posted under an open source license. Which means someone could easily fork it again and put it BACK in the GNU project. Of course, proving she doesn't understand the first thing about open source, she specifically wants people NOT to do that. I suggest the name cisLibreBoot, because it seems the most amusing name possible.
Fortunately, the GNU mailing list appears to basically shut her histrionics down fairly quickly:
http://archive.is/di974
In addition, it's important to realize the unhinged professional victimhood martyrdom ravings of Leah Rowe, which are REMARKABLY similar to other social justice activists such as Brianna Wu or Nora Reed, don't actually represent the Libreboot community. See, it turns out, what she did was steal access to the main repository and lock out everyone else, all while making her unhinged, evidence-free stat
-
TRANSGENDER discrimination? By FSF?
Also there is more information as to why libreboot left the GNU. From their site - 'Libreboot left GNU on 2016-09-15, in protest of transgender discrimination at the FSF'.
An org headed by RMS discriminates against transgenders - one of the golden haired children of the Left? Say it ain't so. If anything, I'd have expected them to discriminate against everybody who have not changed their gender.
Maybe whoever maintains his 'Call to Action' notes in stallman.org can add this one to the list
-
Re:it's the guy who ignored the real reason...
Very informative, but you should cite your source.
-
Re:How to get it in future? Where is it lodged?
Update: It seems this is why Libreboot's maintainers were not pleased with GNU: https://libreboot.org/gnu/
Disclosure: this story is the first time I have heard of this issue.
Although the link points to libreboot's side of this, it still is an eye-opener. TL/DR: the FSF fired a transgender employee on discriminatory grounds, but libreboot unintentionally outed the employee in the first place.
It sounds to me that there are no saints on either side of this issue, but FSF is far more in the wrong than libreboot.
If anyone deserves sympathy here, it's the transgender employee who now faces an uphill battle to reboot their career (pardon the pun.)
-
wat
Here's what that Leah person has to say about "the sexist" RMS:
For instance, he once described women who have never used GNU Emacs as EMACS virgins. Leah is an emacs virgin.
Leah Rowe is a woman, and she recommends Vim. Her .vimrc is on vimuser.org.
Personal statement from Leah: RMS's comments about emacs virgins is especially offensive to me. Not only is it sexist in general (and directed at me, because I don't use emacs), but also offensive towards my sexuality. His statement implies that men are supposed to have sex with virgin women, and that women only lose their virginity to men. To this day, I've only ever been in lesbian relationships, although I am bi. I lost my virginity to a woman. I find it extremely insulting when someone assumes that I only like men, or that I'm generally interested in men. The woman that I lost my virginity to also happens to be a Vim user, and she is indeed an emacs virgin, like me.
https://libreboot.org/why-not-...
If that person's thinking was a piece of code I wouldn't even try to debug it.
-
Re:Baby and bathwater.
"F-U for not being what I want!!!".
Yeah, how dare she expect Honest, Tolerant, Freedom Loving, Respectable Human Beings?
-
They got it wrong in the summary
It's the other way around.
GNU and FSF do not belong in the libreboot community at this point.
https://libreboot.org/gnu-insu...
Let's hope the rich and vibrant libreboot community can thrive again now that the transphobic, intolerant GNU and FSF can no longer oppress them.
-
Re:Melodrama
The Libreboot page is filled with shitloads of rancor concerning the GNU project and the FSF (which, by its victimized tone, I'm afraid to say doesn't make the maintainer's side of the story more trustworthy). I can easily see why the FSF isn't sorry to see her go. They're probably cutting all ties with the project just to minimize the amount of further drama.
Read it and cringe: - https://libreboot.org/why-not-... - https://libreboot.org/gnu-insu...
She even talks about herself in the third person, even though it's obvious to everybody that she is the one writing it.
Well, one statement is hard to argue with. The FSF and GNU project do have a large number of cult like aspects.
-
Melodrama
The Libreboot page is filled with shitloads of rancor concerning the GNU project and the FSF (which, by its victimized tone, I'm afraid to say doesn't make the maintainer's side of the story more trustworthy).
I can easily see why the FSF isn't sorry to see her go. They're probably cutting all ties with the project just to minimize the amount of further drama.Read it and cringe:
- https://libreboot.org/why-not-...
- https://libreboot.org/gnu-insu...She even talks about herself in the third person, even though it's obvious to everybody that she is the one writing it.
-
There is more to this story...
Something about this summary struck me as strange.
It seems Leah created a project, joined with GNU, then decided to separate from the GNU, and Stallman is talking as if Leah can't go back to her original project. Is that normal? It seems borderline abusive to me.
"Oh, you want to leave? Well, I'm going to make sure I tell everyone publicly that you have my permission, because I am the one in power, and you are lucky that I am letting you go."
Leah's reason for the split was because of discrimination that occurred at Free Software Foundation, GNU's main funding source. I'm not very familiar with the situation, but at the very least, here are links for another side of the story:
https://libreboot.org/gnu/
https://libreboot.org/gnu-insu...
-
Re:How to get it in future? Where is it lodged?
https://libreboot.org/ -> points to https://notabug.org/vimuser/li... for the source code,...