[Freedombox-discuss] Without software collusion
vPro is a technology employed system-wide. It contains / requires a specific ability to exist in the ethernet communications hardware, the motherboard chipset, and the CPU. If any of those components are missing, vPro will not function.
It begs the question: If Intel can use vPro to access a dead, non-response system (the OS has crashed, which was their big sales pitch during its initial introduction) and manage a reboot or capture a debug image of memory and hard disk data, what's to keep them from doing the same while the system hasn't crashed?
Internally to the x86 architecture are isolated selectors which divvy up what process can access what area of memory. But there exists a special mode called RING0 which allows access to anything, and is typically only used by OS kernels. And 64-bit CPUs which have virtualization acceleration extensions have a RING-1 mode, which is even higher above the RING0 allowing for access across all OSes.
Whose to say that the authors of the ethernet (allowing for wide out-of-band communication), the chipset (allowing for 'foreign' traffic to be introduced at any time) and the CPU (allowing for 'foreign' code to be run at any time), isn't capable of doing more than we're told? It's a stretch to believe the developers stopped where they have revealed to us.
vPro is scary. It's the most scary technology I've ever read about in computers. It's why to this day I will not / never buy another Intel-based product again.
FWIW, I've written many articles about Intel over the years, including one when Core 2 was first launch called "My God, It's Full of Flaws" referencing the famous line from 2001:A Space Odyssey and 2010:The Year We Make Contact, "My God, it's full of stars".
Core 2 brought for the base design used in previous Intel x86 CPUs. As a result, it brought forth its errata as well. Upon initial launch there were over 100 known bugs (errata) in the CPU itself.
That article drew A LOT of attention from the semiconductor community, but it did not draw a phone call from Intel. The vPro article was not published for a few hours before I had a call.
To me, that also speaks volumes.
Best regards,
Rick C. Hodgin
--- On Thu, 6/28/12, freebirds at hushmail.com <freebirds at hushmail.com> wrote:
> From: freebirds at hushmail.com <freebirds at hushmail.com>
> Subject: [Freedombox-discuss] Without software collusion
> To: freedombox-discuss at lists.alioth.debian.org
> Date: Thursday, June 28, 2012, 3:33 PM
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Rick Hodgkin wrote: "This is what Intel's vPro theoretically
> can
> do.? And I would not be surprised to learn that AMD has
> something
> similar inside its chips."
>
> As far as I could research, AMD does not have the equivalent
> of
> vPRO. However, vPRO is mostly AMT. AMD does have a
> equivalent of
> AMT which is DASH. Both AMT and DASH read computers PSN and
> connect
> to them out of band. Both AMT and DASH can take complete
> control of
> computers. I cited articles on this.
>
> Nick Daly asked for an example of end-to-end chain that
> doesn't
> require software collusion.
>
> Earlier today, I briefly mentioned Intel vPRO and Absolute
> Computrace preinstalled in the BIOS of Dell and Lenova.
> These
> cannot be deleted from the BIOS. vPRO has its own UUID which
> is
> visible. Lenova BIOS does give option of making vPRO's UUID
> visible
> or to hide it.
>
> I don't know whether Computrace uses the processor's PSN or
> if
> Computrace has its own UUID. Hackers, investigators,
> government and
> I read Nod32 antivirus activates Computrace. Dell
> automatically
> updates the BIOS of older Dell notebooks that didn't have
> Computrace preinstalled to now have Computrace.
>
> Once Computrace is activated, Absolute refuses to deactivate
> it. I
> have read that Nod32 activates Computrace. I have read posts
> of
> users complaining that somehow Computrace was activated and
> their
> data was being sent to Absolute. Computace has a key
> logger.
> Absolute manufacturers Computrace. Computrace is not merely
> for
> antitheft. Computrace can take photographs remotely and sent
> the
> photos back to Computrace.
>
> Nick Daly, you may say Intel vPRO and Computrace are
> software.
> Since they are installed in the BIOS they are independent of
> OS. I
> do not think they require a browser to function. Certainly,
> Intel
> AMT and AMD DASH do not require a browser.
> -----BEGIN PGP SIGNATURE-----
> Charset: UTF8
> Version: Hush 3.0
> Note: This signature can be verified at https://www.hushtools.com/verify
>
> wsBcBAEBAgAGBQJP7LF/AAoJEMry4TZLOfxmIg0H/3Hggm+o1cc2j9Pqu5PG9lz4sguA
> dZInkzctgyOGhpO8v9SIiYWppq0GCKcrCb5Dl3PHYjEow4f4kcWF1nKO0WWPVCeckQy/
> 6KKpRpGvRc0ITT4ZLJj7wNAtYzo8oYcxfoSLEThiBcY2dFJ4qn+8wu0L9GwV6wb0tKpf
> WT7Mx5jWIlo2gtp6Yn73VhzqxspLbcmIzldkgHBPtLCzSZI5aOJWOPt2UdmncjLCJpsi
> G+8TzzujTxXAtq0DJhuSG4Hvnl4gAJrmYjxLBW1J39XJ/08YefviQO8byvjXNLS5JuFg
> KE0mLPk2JgL7XTrgDBxk32jxTbBx+ls5lYvR7wQ/YQo=
> =YYsm
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
>
Reply to: