FSF-Endorsed Libreboot X200 Laptop Comes With Intel's AMT Removed

gnujoshua (540710) writes "The Free Software Foundation has announced its endorsement of the Libreboot X200, a refurbished Lenovo ThinkPad X200 sold by Gluglug. The laptop ships with 100% free software and firmware, including the FSF's endorsed Trisquel GNU/Linux and Libreboot. One of the biggest challenges overcome in achieving FSF's Respects Your Freedom certification was the complete removal of Intel's ME and AMT firmware. The AMT is a controversial proprietary backdoor technology that allows remote access to a machine even when it is powered off. Quoting from the press release: "The ME and its extension, AMT, are serious security issues on modern Intel hardware and one of the main obstacles preventing most Intel based systems from being liberated by users. On most systems, it is extremely difficult to remove, and nearly impossible to replace. Libreboot X200 is the first system where it has actually been removed, permanently," said Gluglug Founder and CEO, Francis Rowe."

Since when is AMT controversial?

[ArmoredDragon]

I've always found AMT useful. It's turned off by default, so I'm not sure how it's a security risk. What I like about it is the following:

- Allows you to remotely manage client PCs in a work environment, up to and including re-formatting the HDD with a new OS, including being able to remotely mount a local ISO image to install the OS.
- Works even when some of the most critical system components don't work, such as CPU, RAM, etc, as it's an independent subsystem. Even if you don't want the remote management features, this is a huge deal when you have a seemingly dead system and aren't sure exactly how to fix it. AMT helps you figure out the EXACT problem FAST, and you don't even have to have the computer in your hands to do so.
- Integrates with LDAP (including Active Directory, Samba, etc)
- Provides the ability to power on and remotely wipe the laptop if it was stolen and contains sensitive data.

So what's so controversial about it?

Re:Since when is AMT controversial?

God fucking christ dammit.

How can you trust any hardware unless you audit the design and the machinery used to implement that design on silicon?

The fact is that you can't.

There are almost certainly undocumented Intel instructions or I/O ports which will enable software to bypass OS level protections. I imagine they are used almost never, but when they're used, you can be damn sure it makes a huge difference to the party with the privilege to know them. What can we do about it? Sweet fuck all until we get over the idea of trusting big business/government contractor (but I repeat myself) and develop and implement hardware the way we develop software. Won't the start-up cost be prohibitive? Eventually no.

In the meanwhile, un-Clippered encryption will be outlawed, and hardware licensed to require backdoors.

Re:Since when is AMT controversial?

[Rennt]

However you slice it, AMT is a backdoor. If you control the backdoor on your own equipment then you can do some cool tricks, but implementing a backdoor massively increases the attack surface of the system.

The question is whether the cool tricks are worth the risk. For managed corporate drone PCs the answer is probably yes. For everyone else it is definitely no. For a personal laptop it's an emphatic FUCK NO.

Badly written Hollywood movies used to give crackers stupid computer-superpowers. Now that AMT is here those kind of fantasies become reality.

Re:Since when is AMT controversial?

[fuzzyfuzzyfungus]

A mixture of both. The AMT system includes a dedicated ARC cpu, which runs its own OS and functions independently of the host to a large degree; but also can see into, and sometimes make use of, some of the hardware visible to the host system(details depend on version). For communication, for instance, the AMT system has access to the wired NIC below the OS's view(wireless NICs are more complex, I think AMT can do a direct connection to a trusted AP if configured to do so; but can't do VPN without piggybacking on the host OS), and it also has enough hooks into the various peripherals that it can do remote KVM in hardware, by emulating HID devices and snooping the framebuffer, mount an .iso as though it were a connected SATA device, and access some storage and memory locations that are also accessible to the host OS or programs, in order to gather data on system health, software versions, etc.

I'm not exactly sure how the BIOS/UEFI flash and the flash that stores the AMT firmware are related to one another. On computers with AMT, a 'bios update' will often flash both; but I don't know if that's because they are just different areas of the same SPI flash chip, or whether it's just a convenience bundling of two nearly unrelated updaters.

Re:even when it is powered off.

[fuzzyfuzzyfungus]

That may differ between laptops and desktops, or between AMT versions. On the desktops I've seen the AMT stuff is active if the PC is plugged in, regardless of its power state. Some of the capabilities of the AMT system cannot be used if the host PC is off; but the system itself runs on a separate processor and only turns off if the PSU is unpowered. Laptops may need to be more conservative, for the sake of retaining battery life while inactive.

Now that all the secure everything is gone...

Can we put it all back, under our control?

I want a computer that secureboot's my signed bootloader that boots my signed kernel that executes my signed init and starts a signed console with a signed login and logs me into a signed bash.

I want the promise fulfilled: that I know with cryptographic certainty that as long as my key is secure, "They" have not tampered with my persistent environment.

A far cry from what it has become: the MAFIAA knowing with cryptographic certainty that I have not tampered with my environment.