FSF-Endorsed Libreboot X200 Laptop Comes With Intel's AMT Removed

gnujoshua (540710) writes "The Free Software Foundation has announced its endorsement of the Libreboot X200, a refurbished Lenovo ThinkPad X200 sold by Gluglug. The laptop ships with 100% free software and firmware, including the FSF's endorsed Trisquel GNU/Linux and Libreboot. One of the biggest challenges overcome in achieving FSF's Respects Your Freedom certification was the complete removal of Intel's ME and AMT firmware. The AMT is a controversial proprietary backdoor technology that allows remote access to a machine even when it is powered off. Quoting from the press release: "The ME and its extension, AMT, are serious security issues on modern Intel hardware and one of the main obstacles preventing most Intel based systems from being liberated by users. On most systems, it is extremely difficult to remove, and nearly impossible to replace. Libreboot X200 is the first system where it has actually been removed, permanently," said Gluglug Founder and CEO, Francis Rowe."

Since when is AMT controversial?

[ArmoredDragon]

I've always found AMT useful. It's turned off by default, so I'm not sure how it's a security risk. What I like about it is the following:

- Allows you to remotely manage client PCs in a work environment, up to and including re-formatting the HDD with a new OS, including being able to remotely mount a local ISO image to install the OS.
- Works even when some of the most critical system components don't work, such as CPU, RAM, etc, as it's an independent subsystem. Even if you don't want the remote management features, this is a huge deal when you have a seemingly dead system and aren't sure exactly how to fix it. AMT helps you figure out the EXACT problem FAST, and you don't even have to have the computer in your hands to do so.
- Integrates with LDAP (including Active Directory, Samba, etc)
- Provides the ability to power on and remotely wipe the laptop if it was stolen and contains sensitive data.

So what's so controversial about it?

Re:Since when is AMT controversial?

God fucking christ dammit.

How can you trust any hardware unless you audit the design and the machinery used to implement that design on silicon?

The fact is that you can't.

There are almost certainly undocumented Intel instructions or I/O ports which will enable software to bypass OS level protections. I imagine they are used almost never, but when they're used, you can be damn sure it makes a huge difference to the party with the privilege to know them. What can we do about it? Sweet fuck all until we get over the idea of trusting big business/government contractor (but I repeat myself) and develop and implement hardware the way we develop software. Won't the start-up cost be prohibitive? Eventually no.

In the meanwhile, un-Clippered encryption will be outlawed, and hardware licensed to require backdoors.

Re:Since when is AMT controversial?

[Rennt]

However you slice it, AMT is a backdoor. If you control the backdoor on your own equipment then you can do some cool tricks, but implementing a backdoor massively increases the attack surface of the system.

The question is whether the cool tricks are worth the risk. For managed corporate drone PCs the answer is probably yes. For everyone else it is definitely no. For a personal laptop it's an emphatic FUCK NO.

Badly written Hollywood movies used to give crackers stupid computer-superpowers. Now that AMT is here those kind of fantasies become reality.