/tech/ - Technology

>>539402

How hard would it be to make your own CPU? Specifically, how does one go about acquiring the equipment needed to dope all of those logic gates into a square inch of silicon? Since that's probably the hardest part.

So. How botnet is VIA? I have no experience with their products but I know they are really the only other runner up to amd and intel.

>q6600

>i should be safe

>"IME is present on all Intel desktop, mobile (laptop), and server systems since mid 2006."

>"Core 2 Quad Q6600, clocked at 2.4 GHz, was launched on January 8, 2007"

SHEEEEEEEET

>>539407

That would be way to expensive.

Just get an fpga.

>>539407

The hardest computer related thing you could possibly do on your own tier I think

It looks like the last Intel CPUs before Botnet Management Engine are Cedar Mill chips from 2006 (Pentium 4 HT 631, 641, 651 and 661).

On the AMD side, it looks like chips before AMD Botnet Security are Piledriver models (FX-8300, 8320E, 8320, 8350, 8370E, 8370, 9370 and 9590).

It would be nice if a severe exploit for IME and/or PSP started being widely distributed, to get ordinary users pissed off about them. Otherwise, there's no chance of getting new hardware with some of these backdoor capabilities toned down.

>>539414

>Before version 6.0 (that is, on systems from 2008/2009 and earlier), the ME can be disabled by setting a couple of values in the SPI flash memory.

>>539451

Looks like if you want to have a secure machine around for banking or whatever, it'd be easiest to put together a cheapo Phenom II rig.

>>539452

cool

anyway to do that without installing libreboot?

So... What are some good 3rd position CPUs?

Support for PC Power when?

>>539402

f15h master race. Still looking up to Zen to do my ffmpeg and imagemagick hard work.

>>539475

What is point of having secure banking machine when banks themselves use insecure machines?

>>539407

> Specifically, how does one go about acquiring the equipment needed to dope all of those logic gates into a square inch of silicon?

Well first you get a few hundred million in venture capital, then you design your own processor, then you build a factory to spit them out.

>>539407

You could write your own CPU in C++. I wouldn't recommend assembly or C for the CPU, nobody uses those two languages anymore.

>>539451

I have an 8320 so it seems I am safe, then.

>>539451

now I think im gonna buy that cheapo pentium 4 HT i saw some time.

Stop calling everything a botnet you fucking retards.

>>539407

Have you ever seen someone make a 4bit CPU? Let's just say, I don't think it's feasible for one man to build a modern CPU.

>>539562

Nice b8, m8.

>>539586

Here we go, found it.

https://github.com/xoreaxeaxeax/sinkhole

>>539402

No shit, BIOS/UEFI is non-free software.

>>539402

thanks for reposting this valuable and fresh content from 2015 for at least the third time this week. /tech/ is so much better with autists policing non-sticky content 24/7.

>>539402

>AMD Platform Security Processor

Doesn't exist outside its APUs. /thread.

>>539412

The quality of via product is unfathomably low. Literally doesn't work out of the box by design-low.

>>539475

>tfw my main machine already has a phenom ii

I guess that's not so bad anymore?

>>539555

Poor security on one end is still better than poor security on both ends.

>>539565

Go look up what botnet means you fucking retard.

Qualcomm Part II

http://www.worldlawdirect.com/forum/class-actions-defective-products/86603-cell-phone-embedded-qualcomm-processor-backdoor-technologies.html

"We are a small security solutions company based out of Ottawa Canada. It has come to our attention by way of by way of decapsulation of several smart phone brands and models (see bottom for list) that the central processor chip in all cases manufactured by Qualcomm Corp used by most manufacturers has been fitted with a transceiver device. We have determined that the antenna is hidden away inside one of the surrounding ceramic capacitors. .."

I repeat: "... is hidden away inside one of the surrounding ceramic capacitors ..."

RISCV WHEN?

>>539407

ask Ahmed, he solders his own processors.

lookimg OpenPower from IBM and friends. It's still enterprise class but i'm sure it's worth throwing money at, needs to get into the consumer market.

when im rich ill start a cpu company

>>539562

>downloadmoreram.com

>>540504

The problem with POWER, even if you buy used, is that you end up paying 2500€ for the performance equivalent of 250€ amd64/x86 hardware.

>>539402

>All modern Intel and AMD CPUs are confirmed botnet.

what is AMT

>>539407

impossible realistically. Open source ISAs exist like RISC-V and lowRISC. The problem is getting funding for fabs to manufacture them and then support on the hardware area.

Ever seen a non powerVR GPU on non x86? NOPE because major fabs like nvidia/amd don't care. FPGA GPUs are shitty and barely work for 2d.

>BUT

Russia is investing in MIPS based computers and India is planning on manufacturing RISC based computers.

http://www.tomshardware.com/news/t-platforms-aio-pc-mips-baikal-t1,31324.html

>>540690

Here's your reply to your shitty bait

>>539451

>tfw using an OC'd 8350

Better stock up on 9590's when they drop in price.

>>540239

Are you shillcen, but wearing Groucho Marx glasses? Every post you make hurts to read

>>540245

Hopefully soon.

First question: If I've already got an unsecure CPU what can I do to prevent it from talking to the 'home server'?

Second question: If I've already got an unsecure CPU does it matter which one?

>>540796

>bretty gud tier

Disconnect your computer from the internet. Entirely. As in, physically remove the wifi antenna, bluetooth antenna, usb ports, cd drive, etc.

>sooper seekrit/the NSA will never get my frog maymays tier

The same as above, but also place your computer in a faraday cage. for maximum autism soothing, bolt your computer to the wall so you don't accidentally remove it from the cage.

>might work tier

Maybe running an OS inside a hardware emulator (not a VM, an actual software-based hardware emulator) would work?

The way most hypothetical CPU backdoors work is through privilege escalation. If you've disabled Intel's botnet engine, the CPU can't technically do anything on its own -- it needs software to do any spying -- but it could serve as an always-available privilege escalation vulnerability for the NSA to get ring 0 privileges after they compromise your browser.

So essentially what would happen is the processor would contain some "defect" (that's the beauty of it; the vulnerability would seem like a design defect, and not an intentional vulnerability, if it was ever found) that would cause it to enter ring 0 if some event was triggered. There would have to be some specific trigger, both because people would notice if random chunks of user space code started executing as ring 0 out of nowhere and because the NSA wants the vulnerability to work reliably.

The trigger would likely take the form of some specific value(s) being set in some specific register(s). So, registers such-and-such gets set to some random combination of 64-bit values, giving you potentially 256+ bits of entropy in which to hide the key -- more than enough to prevent it from being found accidentally even if every computer in the world was set to look for it for centuries on end. But since you know what the secret values are, you can set the trigger registers to the trigger values when you get ring 3 code execution on the machine, causing your code to auto-magically escalate to ring 0.

Technically, software-based emulation could prevent such vulnerabilities from being exploitable, since the code the NSA wants to escalate wouldn't be running on bare metal in that case and so would not be capable of directly setting any specific registers to any specific values. This would prevent the vulnerability from being exploitable, as the CPU has know way to "know" when it is running the NSA code it is supposed to execute (remember, the CPU is only hardware and can't scan through memory or look through the disk for specific pieces of software without some corresponding software backdoor).

Not sure how effective that would be, though, or if there's a way the NSA could bypass it. Is there anyone else more knowledgeable in the inner functions of CPUs that could let me know if what I've said is a viable method?

>>540838

So basically: No, there's nothing you can do about it.

Would I be entirely incorrect in assuming that some distro of Lewnix would be more secure for this than Windopes?

Old new op.

Great thread.

>>540843

Was going to post a long, detailed explanation and response about possible other dangers and countermeasures, but I ended up deleting the post through fumble fingers. As it's too late and I spent far too much time on that post as it is, I'll post it tomorrow.

Wouldn't any decent firewall on a separate hardware between compromised machine and the internet prevent spyware from communicating with it's master?

Can we trust our ARM/MIPS router?

Can spyware steg-hide data in other traffic if we limit packet exchange to a minimum?

>>541762

What do you think about void as a distro?

>>541843

Void is also a stellar choice. It is independent and free of systemd.

>>539561

>Well first you get a few hundred million in venture capital, then you design your own processor, then you build a factory to spit them out.

You forgot the part about patents.

>>541762

The million dollar question still remains: what am I going to do 10 years in the future when my 2012 AMD is obsolete and every single website will bring my entire system to a grinding halt due to slow CPU? It happens right now with even something as relatively recent as a Core 2 Duo, opening any web site with one of them takes like 30 seconds or more.

>>541762

Or should I just go for an ARM single board computer that is as open source as possible and install Gentoo on it?

>>539402

>Regarding Intel under Wengblows.

You don't have to install the Intel Management Engine drivers. You will have a non functioning device in device manager. Who gives a shit. I don't see how it could function without the driver/IME application installed.

How could this be utilized in Linux? Isn't this shit designed for Win?

>enlighten me

>>542738

You have to ask yourself this;

"Do computers from 2006 still work fine dealing with modern web applications?"

And the answer is generally yes, they do, you can think of it this way also;

"Will a Netbook from 2010 still work fine today?" The answer will generally also be yes

Moore's law slowing down means we won't need the latest and greatest hardware every year, it means the computing industry is becoming more like the automotive industry. You're expected to drive the same car for the next 20 years or even more and pass it down to someone else, and that car you're expected to have for 20 years may be 20 years old when you first get it.

>>542785

>Moore's law slowing down means we won't need the latest and greatest hardware every year, it means the computing industry is becoming more like the automotive industry. You're expected to drive the same car for the next 20 years or even more and pass it down to someone else, and that car you're expected to have for 20 years may be 20 years old when you first get it.

That would at least be a positive outcome from an e-waste reduction perspective, something I want as well actually,Unfortunately it might be too optimistic. It can easily instead and I'd argue it's going more like the cellphone market. Where planned obsolescence is preferred and buying a new phone every year or even six months is encouraged, or encouraged to be shown as fashionable.

>>542738

I think you should listen to >>542785.

The Jews tech industry will continue bending over backwards to natively backdoor hardware. As Libreboot states, the CPU "management engines" are such egregious insults to the user's freedom, to the point that they should be avoided altogether.

RMS himself has resigned to computing on a now 10-year-old Thinkpad for the sole purpose of preserving his freedom.

Modern computers have evolved so greatly that we should be the ones afraid of them, not the other way around. Thinking technically, a laptop from 2006 like the Thinkpad X60 is capable of a lot more than you'd probably expect.

>>540838

>Not sure how effective that would be, though, or if there's a way the NSA could bypass it.

Not guaranteed, but if you're running everything in a virtual machine there could be some input that causes it to assign certain values to certain registers (e.g. a plus operation would need to put both operands in registers and perform some flavor of addition instruction).

>>542740

ARM single board computers are the future.

>>542800

RMS mostly just reads and writes mails though. He could do it on a ZX-Spectrum if he'd try.

Just use those cheap chinese knockoff ARM processors.

We really need to thank those chinese factory labourers, sacrificing their freedom so we can have ours.

>>539414

q6600 was my first chip. I used it until about two years ago. Fucker ran hot.

>>542738

>The million dollar question still remains: what am I going to do 10 years in the future when my 2012 AMD is obsolete and every single website will bring my entire system to a grinding halt due to slow CPU?

We'll just write bloat-free wrappers around web services. Look at stuff like youtube-dl. Start with that, add accounts, comments, video posting, and other functionality.

>>539611

[citation needed]

nice digits

>>539601

Yes board quality has totally gone up. I'm am totally enjoing the benefits of new arivials who can't be bothered to search first or RTFM.

Obvious sarcasm

>>542858

How about fuck off with that shitty idea.

>>542858

>We'll just write bloat-free wrappers around web services.

Good luck with that.

>Anything website related.

>Not bloat

Look at stuff like youtube-dl. Start with that, add accounts, comments, video posting, and other functionality.

Why the fuck would you want to do that shit?

>inb4 I have a youtube channel and need to stay in contact with my followers.

>>>/oven/

>>542861

>Why the fuck would you want to do that shit?

So you can... Keep using select services on ancient technology? Participate in culture with consuming as much? Freedumbs?

>>539402

>Wireless interface adds a layer of difficulty.

>Wireless more secure for once?

Limitations of IME and AMT when using a wireless interface:

>"Wireless management interface disabled by default. The wireless management interface is always initially disabled, even if valid wireless profiles are configured in the ME and Intel AMT is enabled. Wired Intel AMT interfaces can be enabled by default at the point of manufacture."

>" Power-state sensitivity. As mentioned above, the wireless Intel AMT interface, like the host wireless interface, is powered down when the host is in low-power states. Thus, the key value of wireless Intel AMT connectivity pertains to its ability to connect to machines with non-functioning operating systems, as well as to isolate malware-infected systems from the rest of the network. The wired management interface remains enabled in all power states, as long as the host machine is plugged into a power source."

https://software.intel.com/en-us/articles/technical-considerations-for-intel-amt-in-a-wireless-environment

>>542861

RMS already does. When he wants to fetch a web page he runs an Emacs script that asks a remote server to fetch the page and mail it to him. That's how he can still run on an old-ass ThinkPad.

>>542848

Yeah, I recently remembered a thread about single board computers that mentioned the Beagle Bone Black. These machines are our last hope for freedom for the simple reason of not even being PCs. They're the closest thing there is to an un-botnetable device, they're basically as open source as an electronic device can legally get. I'm very strongly considering getting one of those.

>>543028

>Yeah, I recently remembered a thread about single board computers...

I can upload a copy of that if you want?

Sage for OT.

>>543134

doit

Polite sage for politeness sake.

>>543139

No problem it way take a little while.

Also it currently only shows with LibreOffice and mabye OpenOffice but I haven't tested it.

I'l try it with mupdf, later on.

I think it know why it isn't working in Firefox and co. I'l see if my hypothis is correct.

I can see if I can get it to work

>>543134

Found the thread. >>475791

>>543188

Thanks.

I think I even posted in it, but don't remember much.

captcha: "armagd". It symbolises the end of world of x86.

obscure architectures go

>>543200

When it dies, just ask and I'l provide you with a copy.

>>543176

I would fug him.

>>543210

I would thoroughly waterboard him along with king nigger just for entertainment purposes.

>>543211

watersports are icky.

>>542848

This.

The Chromebook c201 has libreboot support. It's modern and more free than RMS' Thinkpad.

It's only missing libre graphics.

I would buy one now if I was sure linux-libre could boot it. As of now you need to salvage the graphics blob and Chomium kernel to use it, or use it without graphics acceleration to acheive true freedom. ARMs have zero microcode and the c201 has no embedded controller blobs

Oh and it can be flashed with a USB; unlike Thinkpads. It also has triple the battery life and smaller form factor. What's not to like?

https://libreboot.org/docs/hcl/c201.html

What this says would include all core 2s right?

From what I've seen its only the vpro boards of that era that have the ME, non vpro ones with non Intel nics should be fine afaik.

And for the vpro boards, using a different nic should also be fine.

Yeah it sucks that its vulnerable to exploits but you can still use one of these systems without compromised privacy

>>543228

Good job on missing the point.

>>543304

>software framebuffer because ARM harassed the guy working on the free driver into unemployment

>proprietary wifi in $CURRENT_YEAR

get fucked

>>542738

At that point, RISC will take over.

>>543210

shit taste tbh fam.

>>543343

Arm did what? Arm seems like the worst company.

>>543351

Like the burger presidential election, they're all shit, though RISC will come SOON!

Is Lemote safe?

>>543209

It died. I have my own copy though.

I assume "post-2009" includes 2009? And my i7-870 is botnet enabled?

Can anybody provide specific info about which AMD chips have this platform security? Like a list or something?

I did a slight amount of research and some 15h chips have it, what are some of the fastest ones that don't have it?

15h includes Piledriver, Steamroller, Excavator

>>543474

DAT ARM

>>543476

According to an Anon only the APU's have it.

>>543497

I see the list in an earlier post now too, thanks

Do not have it:

>(FX-8300, 8320E, 8320, 8350, 8370E, 8370, 9370 and 9590)

There are some half-decent CPUs in that list, so this settles it, I've been waiting for Zen forever but will not postpone that wait any longer, and will get an 8370 9590 instead. I'm using an ancient CPU now so this actually will be a big improvement, I was just holding out (seemingly forever) for Zen, to have a bigger jump or maybe lower costs on older stuff

>>543474

arm architecture was made by a bunch of english scientists at cambridge, and later acorn computers and amstrad.

>>543501

Personally I would suggest the 8320 which is what I am running as the TDP is in the low end for AMD.

Also the 8350 is just a higher clocked and binned version.

With the other ones being higher clocked and binned ones off the 8350 which also drawing way more power for realistitly little benefit.

no problem and your welcome.

>>543505

Thanks for the recommendation. I was going to just go for the top and not do a lot of research this time, but that will save me some money.

I'm currently running a first-gen C2D because I'm a glutton for punishment and have been willing to just suffer for some years now hoping for some sea change in the market that doesn't include NSA bullshit. That was wasted time I guess

>>543507

I was hyped for Zen and was planing on waiting out for it so that I could have a nice low power x86 pfSense router.

I guess I'm going to have to hope that a pre PSP APU underclcoked,undervloted and with low power memory will be power efficent at all.

My current router a EOL POS.

>>543518

Fuck, I use an asus EeeBox as a router (some intel atom POS, literally was a point-of-sale system before i got it for free). Unfortunately I use it with a second USB ethernet adapter which limits the network performance but it's enough for me

But yeah it always worked for me, I even experimented with Snort inline when that was a thing, and never saw a noticable performance hit

>>543523

Thanks for the detail.

Hopefully I can get it all to work togother to have a decent update wifi router.

>>543527

Honestly I always got along fine even before the EeeBox when I saw using a PI Model B with a second USB (Asix) ethernet adapter. And consider that's even with inline (blocking) Snort with a bunch of rules (I am not using this any longer)

I'm a burger with less than 20mb DL internet, and this only ever added a tiny bit of latency. If you want it to keep up with gigabit or even 100mb then you may be disappointed. It probably works if you are a burger though. A lot of CPU is not normally needed for a home router.

I don't know your use-case 100%, but you should not need to wait for some CPU, you just need the right buses for whatever cards you need (so you aren't handicapped by shit USB) and anything should be fine.

>>543532

>when I saw

When I was

To simplify:

I don't think you need a strong CPU for a router, just the right slots/buses/whatever to support your network adapters at full speed. Any low end modern cpu should do. I got along with a RPI or intel atom based system and was doing shit that involved inspecting every packet and possibly blocking based on content, most firewalls don't even do that

So how do we know specifically which processors are affected in the AMD line? It states starting in the 16h line, that's Zen. So any 15h gen should be fine? It seems so odd to define it by microarchitecture.

Very frustrating that they don't give information sources.

>>543551

No, it's Jaguar+. But it sounds wrong because I have a kavari (steamroller 15hgen3) and it's made more recently than mullins APUs with PSP, so surely it should have it.

Need to find a list of all amd processors with PSP.

>>543343

You can use a libre wifi usb

It's the best thing we have right now, x200 is an eyesore to the public

>>543573

Best thing if you don't require graphics that is, or if you don't mind using a non-free driver for now. The rest is free enough.

>>543567

Yep, my processor has the ARM chip. Shit.

https://en.wikipedia.org/wiki/List_of_AMD_accelerated_processing_unit_microprocessors#Brazos:_.22Desna.22.2C_.22Ontario.22.2C_.22Zacate.22_.282011.2C_40_nm.29

>>539402

Ok but how does that data get transmitted back to HQ?

>>543602

We can assume via the kernel, right? Since it's at ring -2.

>>543598

wrong link

https://en.wikipedia.org/wiki/List_of_AMD_accelerated_processing_unit_microprocessors#.22Kaveri.22_.282014.2C_28_nm.29

>>543631

Yes, generally, in fact they were some of the first to implement it. That said, Intel is sure to have a hell of a time distinguishing data from individual VMs if you're using a hypervisor. It'd also be hard to hide network traffic in an environment like that, though most servers have an integrated lights out management system that it could probably hide in. (see DELL iDRAC or Oracle ILOM)

>>543645

He lives, he dies, he lives again. He rides eternal, shiny and chrome.

>>539407

are you talking about designing or just manufacturing?

because on the designing part, you need hundreds of thousands of work hours from highly, highly specialized people. like, the degree of complexity is absolutely unreal. you need hundreds if not thousands of people who dream in logic and those kinds of people are already employed by massive companies.

on the manufacturing side, it's equally unlikely. you need not only the hardware capable of such fine manufacturing process, but also the environment. the building it's in damped, all the equipment is damped, I mean, the building itself probably costs millions if not tens of millions to build. if it's a modern CPU, the degree of accuracy required is approaching atomic. if the building itself isn't configured properly, a truck passing by on the other side of the street will shake up your process.

that's not even mentioning the equipment itself, not including testing equipment, all pieces of which probably cost in tens to hundreds of millions of dollars.

what you could realistically build yourself is so weak you wouldn't even bother.

>>543658

couldn't think of any other way to describe it.

if you ever run into someone who refers to logic in terms of metal, you're probably talking to someone who knows their shit.

>2020

>Accidentally a very dreary cyberpunk world

>Everyone uses clusters of old xeons instead of buying new processors

Who cares about power bills anyways? We can just put wind turbines in low income neighborhoods if we need more juice.

>>539402

So, does that means Intel and AMD will dismiss literally themselves getting hacked with an exploit of their own platforms as just collateral damage? Are they just going to prominently throw anyone who dares exploiting their platforms into jail to give the message that you're only allowed to exploit people if you're part of the powers that be?

>>543727

I want to see it happen and watch them both go bankrupt. Chinks are making their own cpus now and I doubt they'd use anything from jewtel/MAD for their gov shit.

>>543718

solar makes more sense. turbines need to be high up and are loud as fuck.

>>543654

Designing is not that hard actually. Get yourself (kinda expensive) FPGA dev board, learn some verilog and here you go.

But you don't have to design anything anyway, there's more than enough open architectures around.

>>543718

We need to invest in thorium reactors.

Theoretically, they can be scaled down to fit into homes, could probably even replace oil burning furnaces with them without taking up extra space and still produce enough power to negate the drain.

>>543574

How about the storage, usb 3 controller, SoC and such. Are they free?

>>539402

Is there anything that can be used instead of this?

I would throw money at this project

http://wiki.vero-apparatus.com/ARM64OpenLaptopConcept

>Nintendo Wii has POWER processor

>It's probably super cheap on second-hand market

>you can install linux on it

I googled a bit and ended up really confused, because it looks like people run linux on a Wii in some sort of emulator, but I really hope I'm wrong here. If you can install Linux on Wii on bare metal and have full control over system resources, it can be our best candidate in saving us from enslavement by x86-illuminanti.

>>544773

>24+64 MB of RAM

>less RAM than cheapo ARM-on-a-stick

Oh, nevermind then.

>>544774

PCs always have absolutely massive amounts of RAM compared to present day consoles. They have to run an OS that 95% of the time eats 1 GB of RAM plus extra programs installed by the user, since they're general purpose machines that do everything by software they also need a zillion libraries and display drivers that do what a console does with hardware, and PC developers know damn well you can always buy more RAM and have no qualms with abusing that feature.

>>545222

Still, 64 Mb is a bit too little though. Just video buffer alone for 1920p is easily 6-8Mb, 12-16 with double buffering.

>>539402

All laptops sucks in every aspect.

They are slow, ugly, expensive, limited,

uncomfortable piece of crap.

You can live with a fx-xxxx series

they are pretty fast.

I don't care

Seems I'll be in the market for used SPARC and POWER8 systems.

>>542946

>If you haven't done anything illegal, you have nothing to fear :^)

>t. Shylock Goldberg Lillienstein

>>542746

https://my.mixtape.moe/vdkgjn.webm

"Out-of-band" means that it is self-contained, as opposed to requiring an OS agent

Also, as libreboot.org/faq/#intelme says, it is in fact am entire OS running independently of the main OS, with its own network access, etc outside of the OS's view

>>540237

dutch tax avoidance addresses:

Qualcomm

Straatweg 66 s

3621BR

Breukelen

Intel

Capronilaan 37

1119NG

Schiphol-Rijk

AMD does not have one in the Netherlands.

>>543654

>because on the designing part, you need hundreds of thousands of work hours from highly, highly specialized people. like, the degree of complexity is absolutely unreal. you need hundreds if not thousands of people who dream in logic and those kinds of people are already employed by massive companies.

...or just use http://opencores.org/projects literally dozens of various CPU cores

>since recent versions of it can't be removed

Can't you just overwrite the ME on the chip where it's located? From what I understand, the ME checks that it's still installed by verifying that there's a signed ME image in a specific location of the SPI chip. So couldn't you just overwrite the software that performs that check, then overwrite the software on the spi chip?

I mean, conceptually it makes sense -- you have to have some software to actually check if ME is installed and instruct the computer to shut down, and if you can overwrite that software you can bypass it.

The only difficulty I can forsee is that it might be difficult to actually write to the chip where the ME image is located.

I understand how software writes to the disk, but I have no clue how writes to flash ROM are performed. Can anyone tell me how exactly software writes to flash rom on the mobo? Is there any particular instruction that is used; and how do you differentiate between different ROM storage locations?

>>539423

FPGAs look like a viable solution even to the fab backdoor problem. FPGA LUTs (cells) are simple, can be throughly tested, and you can implement a CPU in luts in astronomical number of ways.

Sadly, Stallman hasn't yet grown to appreciate FPGAs..

>>549345

You don't understand anon, you cannot remove a separate CPU from the chip, you cannot get intel's private key, you cannot override checks hardwired into the hardware. Intel ME is literally a second CPU that sits close to your one and is controlled by its own OS.

>>549350

That's not a hardware issue. That's a firmware exploit, just like BIOS.

Similarly to how the ME is just firmware. Sure, it's firmware running on a second processor far away from where normal programs operate, but it is still controlled by software and if one can write to that software theycould disable it.

Think about it. A second CPU is useless by itself. It needs some software to run to do anything. From what I've read, this sofware resides on the BIOS spi chip and a separate eeprom chip on the mobo. The separate EEPROM chip is what performs ME integrity checks (i.e. shuts off the computer if it doesn't detect a signed copy of the ME firmware in BIOS), which is why libreboot can't just erase this section of the spi chip when you flash the bios and get rid of AMT that way.

The previous versions of libreboot could do this (libreboot does support some laptops that have the ME chip but older versions of the ME firmware), because this separate code that performed the checks didn't exist. But now that it does, libreboot can't just erase the ME firmware located on the SPI flash chip because another bit of ME firmware located on another location of eprom on the mobo will check if the ME firmware on the SPI chip is present and is signed with an Intel key.

But if you can find a way to erase the firmware that performs this check, you can safely remove the ME firmware on the SPI flash chip without triggering the ME integrity check, because the code that does this check doesn't exist anymore.

I'll go find the sources I got this info from and post them in a minute.

>>549352

But the separate CPU is useless by itself. If you remove the firmware that runs on the second CPU, it's just a dead piece of hardware that doesn't do anything and can't harm you.