Comment by immibis
15 hours ago
Secure boot etc. It's in every ARM device, including the management engines in x64 devices (which are ARM devices).
15 hours ago
Secure boot etc. It's in every ARM device, including the management engines in x64 devices (which are ARM devices).
Oh, I see.
Fortunely there is still x86
You would need to go back to ~2005-era Intel x86 CPUs to have x86 without a backdoor baked into the silicon (as far as we know), like Pentium 4. The Core 2 / Q6600 / P35 chipset already had an early version of it. Wikipedia says AMD added their equivalent, the Platform Security Processor, around 2013, so their best CPU from 2012 would be the FX-8350.
I mean technically there's nothing they can do that SMM couldn't - introduced in a revision of the 386. It's code running with system permissions invisible to the "parent" user code and OS.
You're already pretty much trusting the same people then as now, at least if they are "actively malicious".
There is https://en.wikipedia.org/wiki/Intel_Management_Engine
Anyway, it will be maybe a few years until the governments will get the idea of enforcing their own management engines into our hardware :/
> Oh, I see.
No, you don't.
Because of the SMI/ACPI/Intel Management Engine/AMD Secure Technology/UEFI, and optionally AMT-complex, where usually only parts of can be deactivated partially, but never all of it.
It's actually more bad than the above mentioned ARM-stuff, which is misinformed(maybe because of raspberry piish broadcomisms, or locked down dumbphones), because on ARM, you either can disable that stuff, or even can run your own instead.
https://www.trustedfirmware.org/projects/op-tee/
https://github.com/OP-TEE
https://docs.kernel.org/next/tee/op-tee.html