Aaaand I think this is the first public disclosure of malware using the Intel Management Engine / AMT's network connection (which uses SMBus; I talked about it here https://news.ycombinator.com/item?id=14309557 and gave links to the appropriate datasheets). Nice.
AMT/ME being used by malware created by well-resourced adversaries is no surprise, and is why Intel needed to give an irreversible way of completely disabling it.
I was about to make a note to go back to AMD CPUs for future builds, but then I found this: https://libreboot.org/faq.html#amd. Looks like we're basically screwed for CPUs this year, and the next, until one of these open source IP stacks finally gets a production run.
> It is extremely unlikely that any post-2013 AMD hardware will ever be supported in libreboot, due to severe security and freedom issues; so severe, that the libreboot project recommends avoiding all modern AMD hardware.
So, what to do... Acquire obscure military surplus gear, and attempt to port Linux?
>So, what to do... Acquire obscure military surplus gear, and attempt to port Linux?
MIPS if you're desperate; not sure what general software support is like, and you'll probably spend a lot of time compiling things. Otherwise, cross your fingers over RISC-V?
There seem to be ARM tablets that run Android decently. I mean, they're not a replacement for a monster desktop PC, but I'd think that they could take over a lot of your day-to-day (non-gaming/engineering/etc.) needs. If there were an iPad with a Surface-style physically connected keyboard, that would be my bet for the most secure computer. (Wirelessly connected keyboards have issues, though.)
I'm hoping to see more out of the Zynq SoCs, but who knows if Xilinx has a backdoor. (Though, it's partially mitigated if you have an appropriate circuit around it -- and they definitely do make some secure components.)
>So, what to do... Acquire obscure military surplus gear, and attempt to port Linux?
Use an "open" hardware stack along with things like coreboot and a disabled IME. If you want an out of the box solution, https://puri.sm may work.
It's worth noting that I paid for my Purism laptop over three months ago and have seen repeated delays and missed deadlines. If I don't receive it this month, I am going to cancel.
My i7 6700K lacks AMT / vPro. There are modern chips that can be used if you don't mind shelling out a little extra for enthusiast models. But what we really need is a Xeon 8/16 core without vPro; till then, businesses are harmed the most by this.
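A quick way to check what the comment above is talking about, added here as an example and not part of any commenter's post: the ME's host interface (MEI, older name HECI) shows up in `lspci` as a "Communication controller", and the Linux `mei_me` driver exposes it as `/dev/mei0`. The `lspci` lines below are a constructed sample (an assumption, not captured from the poster's machine). Note the distinction the comment makes: a consumer chip like the 6700K still has the ME and an MEI controller; what it lacks is AMT/vPro. AMT's management ports are answered by the ME itself, below the OS, so they never appear in the host's own socket list and have to be probed from another machine.

```python
import glob
import re

# Constructed sample of `lspci` output (assumption: not captured from a real host).
SAMPLE_LSPCI = """\
00:00.0 Host bridge: Intel Corporation Skylake Host Bridge/DRAM Registers (rev 07)
00:16.0 Communication controller: Intel Corporation 100 Series/C230 Series Chipset Family MEI Controller #1 (rev 31)
00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (2) I219-V (rev 31)
"""

# TCP ports the AMT firmware listens on (HTTP/HTTPS management, SOL/IDE-R
# redirection, and RMCP/ASF).  Handled by the ME, not the host kernel.
AMT_PORTS = (16992, 16993, 16994, 16995, 623, 664)

# An MEI/HECI controller is listed as a "Communication controller" whose
# description contains "MEI" or "HECI".
_MEI_RE = re.compile(
    r"^(?P<bdf>\S+) Communication controller: (?P<name>.*\b(?:MEI|HECI)\b.*)$",
    re.MULTILINE,
)


def find_me_interfaces(lspci_text):
    """Return (bus:dev.func, description) for every MEI/HECI controller in lspci output."""
    return [(m.group("bdf"), m.group("name")) for m in _MEI_RE.finditer(lspci_text)]


def me_present_on_this_host():
    """Live check: True if the mei_me driver has created a /dev/mei* node."""
    return bool(glob.glob("/dev/mei*"))


def amt_probe_command(target_ip):
    """Build the nmap command to probe AMT ports; must be run from *another* host,
    because the ME answers these ports itself and the local OS never sees them."""
    return ["nmap", "-Pn", "-p", ",".join(str(p) for p in AMT_PORTS), target_ip]


if __name__ == "__main__":
    for bdf, name in find_me_interfaces(SAMPLE_LSPCI):
        print(f"ME host interface at {bdf}: {name}")
    print("live /dev/mei* present:", me_present_on_this_host())
    print("probe from another box with:", " ".join(amt_probe_command("192.0.2.10")))
```

Finding an MEI controller only tells you the ME exists; whether AMT is provisioned and listening is a separate question answered by the remote port probe.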
We have cryptographic algorithms that enable us to communicate securely over untrusted channels. Do we have similar techniques for storing/operating on data on untrusted hardware? Would such a thing even be possible?
Whitebox cryptography isn't enough in this case. Since it protects the keys, you'd be able to keep them from being used, but it wouldn't protect the data itself while you're encrypting it. To really be secure against something like this you'd need to be using homomorphic encryption and process your data without ever decrypting it.
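To make the idea in the reply above concrete, here is an added example (not code from any commenter) of the simplest homomorphic scheme, Paillier: the party holding the secret key encrypts values, an untrusted machine adds the ciphertexts and multiplies them by plaintext constants without ever seeing a plaintext, and only the key holder decrypts the result. The primes 1009 and 1013 are a toy assumption so the numbers stay readable; a real deployment needs primes of 1024 bits or more. Paillier is additively homomorphic only; arbitrary computation on encrypted data needs a fully homomorphic scheme, which is far more expensive.

```python
import secrets
from math import gcd


def _lcm(a, b):
    return a * b // gcd(a, b)


def keygen(p, q):
    """Paillier key pair from two distinct primes (toy sizes in this demo)."""
    n = p * q
    lam = _lcm(p - 1, q - 1)
    g = n + 1                      # standard choice; makes L(g^lam mod n^2) == lam mod n
    mu = pow(lam, -1, n)           # modular inverse (requires Python 3.8+)
    return (n, g), (lam, mu)


def encrypt(pk, m):
    """c = g^m * r^n mod n^2 with a fresh random r, so equal plaintexts give different ciphertexts."""
    n, g = pk
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pk, sk, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    n, _ = pk
    lam, mu = sk
    n2 = n * n
    x = pow(c, lam, n2)
    return ((x - 1) // n * mu) % n


# --- operations the untrusted host performs: public key and ciphertexts only ---

def add_ciphertexts(pk, c1, c2):
    """Enc(m1) * Enc(m2) mod n^2 == Enc(m1 + m2)."""
    n, _ = pk
    return (c1 * c2) % (n * n)


def mul_plain(pk, c, k):
    """Enc(m)^k mod n^2 == Enc(k * m)."""
    n, _ = pk
    return pow(c, k, n * n)


def untrusted_sum(pk, ciphertexts):
    """Sum a list of encrypted values without the secret key."""
    acc = encrypt(pk, 0)           # an encryption of zero is a valid neutral element
    for c in ciphertexts:
        acc = add_ciphertexts(pk, acc, c)
    return acc


if __name__ == "__main__":
    pk, sk = keygen(1009, 1013)
    salaries = [3, 4, 5]           # constructed sample inputs
    encrypted = [encrypt(pk, m) for m in salaries]
    total = untrusted_sum(pk, encrypted)           # computed by the untrusted party
    print("sum:", decrypt(pk, sk, total))          # 12, decrypted only by the key holder
    print("6*5:", decrypt(pk, sk, mul_plain(pk, encrypt(pk, 5), 6)))
```

The untrusted party learns nothing from the ciphertexts it manipulates, which is exactly the property whitebox key protection does not give you: there, the plaintext is visible to whatever is watching the CPU while it is being processed.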
I'm starting to wish someone would altruistically create and deploy a worm that propagates through IME and bricks every computer it touches. The economic damage would probably be huge, but I don't see any other way to make the companies understand that you should not build stuff like this.