
Re: [Libreboot-dev] about Intel ME


From: Serge
Subject: Re: [Libreboot-dev] about Intel ME
Date: Sun, 3 Apr 2016 20:02:15 +0700

Hi Denis
Thank you so much for the detailed reply.
I analyzed and noted many interesting points and corrections you made.
Indeed, the problem is more general: the presence of the non-free code
that we cannot trust.
And power definitely corrupts people so considering historical
examples and real cases we can conclude that all those proprietary
blobs are too risky for society. And they are progressing in some
strange way towards being totally closed and unsupervised by the free
software community (like recent versions of Intel's ME are embedded
inside the chipset and forced to be unremovable by design (now ME
co-processor sets up memory training, runs ICC control, etc.)). So I
totally support the refusal to support this flawed hardware.
The fact that Intel has taken this path gives me a clear warning sign
that they don't listen to the FS community, their values are flawed
and the company doesn't care about the ethics and moral values of the
computing power that should be open and transparent to people who own
their devices. I don't even know why this is happening. It really
looks bad from an ethical point of view...
But what are alternatives?
I found some interesting platforms maybe you'll be interested in them:
1. Talos http://www.raptorengineeringinc.com/TALOS/prerelease.php
2. Novena https://www.crowdsupply.com/sutajio-kosagi/novena
Talos is based on Power processors and open firmware. Novena is
arm-based but with u-boot open firmware so they look promising to the
FS community.
About the people's reaction - you noted an interesting moment that people
don't care about things that are not so obvious. People tend to
believe that "they wouldn't dare to do so" thus relaxing the social
pressure to the peer leaders (i.e. direct market pressure - by stop
buying from companies like Intel for implementing their firmware in
unethical / closed / non free way).
So we need to educate people to showcase how non free software gives
unjust power to the state/corporations, and how it easily could be
abused, and so on...
Sergey

On Sun, Apr 3, 2016 at 7:00 PM, Denis 'GNUtoo' Carikli
<address@hidden> wrote:
> Sorry for responding that late, I have a huge mail backlog.
>
> On Sat, 5 Mar 2016 02:30:59 +0700
> Serge <address@hidden> wrote:
>> I recently just realized that modern CPUs are flawed by design,
>> they now include separate chip having access to everything...
>> that is horrible! I see threat to all free software movement, it's a
>> nightmare in case of traditional systems I had a choice I could run
>> GNU/Linux or use proprietary OS but now even if I boot free OS,
>> there is private code running in the cpu 24/7 even if I poweroff my
>> system...
> This is proprietary code indeed, but here powering off is very
> confusing.
> Before you could feel that the system was off when shutting it down.
> It was meant to shut down when you asked it to.
> An attacker or proprietary software still had room for making the user
> think that the computer was off while it wasn't, but this was very
> complicated to do:
> - The computer would need to make no noise and not to turn off some
>   lights that would show that it's on.
> - Then it would need to get access to the power button, and reboot when
>   a user would press it.
>
> Now the user has even less control. Asking the machine to shut down
> does not necessarily shut down everything, and this is by default!
> (Unlike the complicated tricks mentioned before)
>
> It's not magic though, it can only run if power is provided to it.
> So a way to shut down such computers is to remove their access to power
> (batteries and power supply).
>
> Some firmwares running on the ME have configuration interfaces in the
> BIOS, but who can trust proprietary code to do what it said...
>
>> I cannot even see this code as it's archived, I cannot make
>> my own as it's signed...
> The ME partition can be dumped with an external programmer.
> I think that there was some progress for dumping it on older ME
> versions.
>
> As I understand it, not all sections of the ME firmware are signed. The
> signatures protect the code, which is what we wanted to replace in the
> first place.
>
> The ME started as code running on the Intel NICs with firmwares like
> AMT, and others. I believe it required its own separate flash.
> It then moved to the chipset.
> This is the case with the libreboot supported GM45 devices.
> Hopefully the ME firmware is never run since it is removed.
> I didn't dig yet into how libreboot deactivates the ME.
>
> Now I heard that on even more recent hardware:
> - The ME has moved into the CPU.
> - Its architecture (it was ARC, then SPARC, then x86?) changed.
> - It cannot be deactivated anymore as code won't execute on the main
>   processor (the one you run GNU/Linux on) if the ME didn't initialize
>   some hardware.
> - It's still signed, but given the above, deactivating it would be
>   close to impossible. Still this would have to be done in a
>   trustworthy way to keep freedom.
> - They have been securing more and more the ME against the users. A long
>   time ago, you could dump its RAM for instance.
>   In later generations, activating the ME resulted in the chipset
>   automatically locking its memory region.
>   And this is with free software RAM initialization in coreboot.
>   (Libreboot doesn't want to support hardware where the ME cannot be
>   deactivated)
>   However, the libreboot computers have DDR3, and as such, they can read
>   DDR3 RAM modules. So this is a potential way to dump the ME's code
>   while running.
>
>> that is a nightmare!!... Nobody speaks publicly, masses are totally
>> unaware of it...
> Funny coincidence: some minutes ago, I wrote a mail (CCed to
> the libreboot mailing list) that explains how to fix that.
> The idea is to write documentation that is meant for non-technical
> people that explains it all.
>
> Replicant is working towards that:
> http://www.replicant.us/freedom-privacy-security-issues.php
> There is some room for improvement, for instance to make it more clear
> for non-technical people.
>
> You first need somewhat technical documentation before addressing the
> masses, this is to prevent confusion. Many people already confuse the
> ME, AMT, VT-pro.
>
>> And now there are no x86 alternatives as AMD is flawed with PSP as
>> well... And this ME (govt. backdoor?) is created in such way it
>> cannot be easily disabled.
> If it is a backdoor or not, if it's backed by governments or not is
> irrelevant.
> You have untrustworthy code running on your computer that has access to
> too much hardware. This is really bad for freedom.
>
> As for convincing the masses, I don't think that explaining practical
> things will have an effect.
> If you explain that someone can potentially run code inside the
> management engine, or that the code might do malicious things, nobody
> would care. Because it's only potentially. And you would have a very
> hard time convincing people that they are affected directly.
> You often have questions like: is <that particular non-free software
> risky>. This is missing the point totally.
>
> You need to be more generic in many directions:
> - Don't target a particular software or hardware. Make them fit into a
>   bigger picture.
>   The nvidia proprietary drivers for instance might not have been
>   caught directly attacking the users, so you won't be able to convince
>   someone that it might be the case since it's something totally
>   unknown.
>   It however fits into proprietary software with huge privileges (it
>   runs in kernel mode). So the usual arguments for free software
>   apply here, but their effects are increased a lot more by the fact
>   that it runs in kernel mode. Again be generic.
> - Put people in a broader context. People don't feel concerned because
>   they don't think they are special, therefore they don't think they are
>   targeted specifically.
>   In fact many of the issues we have today are because computers permit
>   to cheaply target everybody at once, with mostly fixed costs. This
>   is done all the time, by various groups (governments, criminals and so
>   on). It's something very usual.
>
> Going after the ME specifically would be a mistake, AMD has PSP, and
> there might be other issues with ARM.
>
> The fact that you cannot trust your computer anymore without fully free
> software is rather the direction you should aim for.
> It's easy to understand without a non-technical background.
> Regular people also don't need to audit the hardware they have anymore,
> to find that there is some chip that attacks your freedom years later.
> (for instance they didn't know about the ME or even the BIOS).
> Organizations such as the FSF have the RYF certification and the free
> software community now do it for you.
>
> Then remains to convince people that fully free software matters, in a
> non-technical way.
> Non-free software is an unjust power, and that can be so easily abused,
> and that it always will be.
> History is also something very important to relate to.
> The Stasi is a very good example of the limits of spying systems
> without ubiquitous computing.
>
> History also has lots and lots of examples about:
> - states abusing their power.
> - People's refusal to believe what could or is happening.
>   This is also what permits states to abuse their power in the first
>   place.
>
>> Even if it is designed to use with respect to the law, in "lawful
>> ways" - it still can be exploited and used by hackers, by exploiting
>> bugs, or problems with system design.... that would give them ABSOLUTE
>> silent control over any system world wide...
> "There is no way to guarantee that it can't be abused" would be a better
> way to phrase it.
> In fact if you have to give such powers, I cannot think of anyone who
> wouldn't abuse it over time. Power corrupts people.
> And here people's refusal to believe that power can be abused leads to the
> abuse of such power. History has many examples.
> Also having such power may be manageable today, but nothing would
> prevent future dictatorships to take advantage of it in very nasty ways.
>
> Something similar has already happened with laptops lent by
> schools/universities to students: There are scandals in the press
> talking about school/university staff spying on students in their homes
> from the laptop webcam.
>
>> I fear of end-of-the-world scenario, where some VIRUS for this ME cpu
>> is spreading like a disease with wifi beam, and then simultaneously
>> disables every modern intel SoC on the planet...
> Here you have an unpatchable code[1], written by one manufacturer
> (Intel) that is very widely deployed[2].
> As for its security, the code has not widely been reviewed by the whole
> computer science community.
> While they have good security practice, that scenario might happen.
> Note that the good security practice is applied to preventing people
> from running code inside that chip, not from abusing the
> functionalities of its firmware:
> On some AMT versions, you can use remote provisioning to provision
> computers on the same network. This doesn't check if you are the owner
> of the computer.
> All you needed was to buy a cheap certificate (about 60E), some
> software freely downloadable on Intel's website, and a DHCP server.
> Given that the DHCP protocol is not secure against rogue DHCP servers,
> you get the picture...
> This is documented here[3].
>
>> Especially, if it messes with the wifi module firmware in
>> autonomous way. Any code just could be beamed into any laptop system
>> even in poweroff state.
>> Maybe we can sign a petition to Intel?
>> What we need to do?
> At least two things:
> - Have credible alternatives, that means computers that about 7 billion
>   people could use. (Long term thinking).
>   If Trisquel with libreboot is easy enough to use for most people,
>   that fits the bill.
> - Convince people to switch to the alternatives. If the alternative is
>   not as fast for instance, we should be honest about that and explain
>   the tradeoffs. This will help people switching, and fixing the issues
>   too.
>
>> We really need an open hardware to ensure safety (maybe FPGA based
>> system? are there any alternatives powerful enough to run linux with X
>> for typical workflow using word processor, watching HD movies, etc)
> Yes, some people are working on it. I'd rather talk about hardware
> freedoms than open hardware. RMS has a good article about hardware
> freedoms.
>
>> p.s. why everybody accepted it so silently?
> If everybody is the free software community, why did you think we did?
> Maybe we failed at communication?
>
> We didn't accept it.
> There were several talks by RMS about this trend.
> This trend was foreseen almost since the beginning.
>
> The refusal to accept it is also why there is libreboot.
> It's not specific to ME, but to having a computer that you can control
> and trust.
>
>> say if government would pass a bill to lawfully install a CCTV set in
>> every household for "official surveillance" it would create mass
>> protests! Fights and debates for civil rights.
> That's because CCTV are visible. It would indeed create protests in
> many countries. I fear that it wouldn't in all...
>
> If you want more information regarding that kind of reactions, you
> might find some that analyze the people's reaction before and after the
> NSA scandal. John Oliver has some good points about that too with his
> interview of Edward Snowden.
>
>> But this Intel ME / AMD PSP - is the same! And even Worse in many
>> ways. Much worse.
>> Doing open surveillance could be legitimate (in Orwellian society, but
>> still) - but doing this concealed CPU with FULL remote access to
>> system and network and without any way to DISABLE IT - is something
>> totally insane!
> Yes, you should ask people if it's something they want.
> Like if there was no such thing, would people ask for it to be created?
> Assuming they respond wisely, probably not.
>
> We have the "source code" for the countries we live in, it's called the
> law. Though, often it doesn't constitute "corresponding source code",
> that is, what is running and the source code don't match.
>
> As people, we need to have our say in how the technological
> infrastructure is done too.
> Commerce is not an excuse to such extreme power abuse potential.
>
>> Hackers could create virus for this cpu...
> Malware is the term you're looking for.
> Crackers is also a term you're looking for.
>
> Hackers originally had nothing to do with security, and it's still used
> in that sense in the free software community.
>
> It sometimes gets awkward when it can be interpreted both ways, but here
> it's not.
>
> Wikipedia has a good summary on that here:
> https://en.wikipedia.org/wiki/Hacker_(term)
>
>> I even still cannot believe that this is real.. (but it is) And  just
>> went unnoticed, under the radar..
> Nowadays there is so much information that getting people to notice is
> hard, especially because in many societies, everybody/everything is
> trying to get people's attention.
> Sometimes it's only done to distract people from the real issues.
>
> To be aware of such issues you need:
> 1) A free software project that finds them, here coreboot and libreboot.
> 2) Publicizing the issue, this has often been done in conferences and
>    so on, but I fear that even if it's necessary, it's not enough.
>    Writing reference documentation that anyone can read when they wish
>    should also be done.
>
> References:
> -----------
> [1]Most people don't even update their non-free BIOS.
>    If a security bug is found, and there are known examples[2].
>    Rowhammer is a good example since it may be exploited from
>    javascript... There was a CCC presentation named rowhammer.js about
>    it.
>    Vendors won't and can't update all the old BIOSes. So why would they
>    update the ME code.
> [2]The probability that it would happen is high, as there is a lot
>    of common code between different hardware vendors.
>    The chip vendors (Intel, AMD) give some code. The "Independent BIOS
>    Vendors" (AMI, Phoenix, etc...) code is also used among many hardware
>    vendors.
> [3]This is in the second paragraph of the "Known vulnerabilities
>    and exploits" section in the [[Intel AMT]] Wikipedia article here:
>    
> https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Known_vulnerabilities_and_exploits
>
> Denis.


