Slashdot Mirror

← Back to Stories (view on slashdot.org)

FSF-Endorsed Libreboot X200 Laptop Comes With Intel's AMT Removed

Posted by timothy on from the if-thine-eye-offends-thee dept.

gnujoshua (540710) writes "The Free Software Foundation has announced its endorsement of the Libreboot X200, a refurbished Lenovo ThinkPad X200 sold by Gluglug. The laptop ships with 100% free software and firmware, including the FSF's endorsed Trisquel GNU/Linux and Libreboot. One of the biggest challenges overcome in achieving FSF's Respects Your Freedom certification was the complete removal of Intel's ME and AMT firmware. The AMT is a controversial proprietary backdoor technology that allows remote access to a machine even when it is powered off. Quoting from the press release: "The ME and its extension, AMT, are serious security issues on modern Intel hardware and one of the main obstacles preventing most Intel based systems from being liberated by users. On most systems, it is extremely difficult to remove, and nearly impossible to replace. Libreboot X200 is the first system where it has actually been removed, permanently," said Gluglug Founder and CEO, Francis Rowe."

3 of 179 comments (clear)

  1. Now that all the secure everything is gone... by Anonymous Coward · · Score: 4, Insightful

    Can we put it all back, under our control?

    I want a computer that secureboot's my signed bootloader that boots my signed kernel that executes my signed init and starts a signed console with a signed login and logs me into a signed bash.

    I want the promise fulfilled: that I know with cryptographic certainty that as long as my key is secure, "They" have not tampered with my persistent environment.

    A far cry from what it has become: the MAFIAA knowing with cryptographic certainty that I have not tampered with my environment.

  2. Re:Since when is AMT controversial? by Anonymous Coward · · Score: 5, Insightful

    God fucking christ dammit.

    How can you trust any hardware unless you audit the design and the machinery used to implement that design on silicon?

    The fact is that you can't.

    There are almost certainly undocumented Intel instructions or I/O ports which will enable software to bypass OS level protections. I imagine they are used almost never, but when they're used, you can be damn sure it makes a huge difference to the party with the privilege to know them. What can we do about it? Sweet fuck all until we get over the idea of trusting big business/government contractor (but I repeat myself) and develop and implement hardware the way we develop software. Won't the start-up cost be prohibitive? Eventually no.

    In the meanwhile, un-Clippered encryption will be outlawed, and hardware licensed to require backdoors.

  3. Re:Since when is AMT controversial? by Rennt · · Score: 5, Insightful

    However you slice it, AMT is a backdoor. If you control the backdoor on your own equipment then you can do some cool tricks, but implementing a backdoor massively increases the attack surface of the system.

    The question is whether the cool tricks are worth the risk. For managed corporate drone PCs the answer is probably yes. For everyone else it is definitely no. For a personal laptop it's an emphatic FUCK NO.

    Badly written Hollywood movies used to give crackers stupid computer-superpowers. Now that AMT is here those kind of fantasies become reality.