
Hidden Operating Systems in Chips vs. Secure, Auditable OSes: A Cybersecurity Comparison

Started by: 🇵🇱Jacek Marcin Jaworski🇵🇱 <jaworski1978@adres.pl>
First post: 2025-06-11 00:41 +0200
Last post: 2025-08-26 22:43 +0200
Articles: 6 (5 participants)




#778 — Hidden Operating Systems in Chips vs. Secure, Auditable OSes: A Cybersecurity Comparison

From: 🇵🇱Jacek Marcin Jaworski🇵🇱 <jaworski1978@adres.pl>
Date: 2025-06-11 00:41 +0200
Subject: Hidden Operating Systems in Chips vs. Secure, Auditable OSes: A Cybersecurity Comparison
Message-ID: <marqkfFpmidU1@mid.individual.net>
Hi!

Did you know about "Intel Management Engine (ME)" or "AMD Platform 
Security Processor (PSP)"? If not, then read now:

<https://puri.sm/posts/hidden-operating-systems-in-chips-vs-secure-auditable-oses-a-cybersecurity-comparison>

-- 
Sleep well!
Jacek Marcin Jaworski
Home page: <https://energokod.pl>;
Mini Netykieta: <https://energokod.pl/MiniNetykieta.html>.



#779

From: R Daneel Olivaw <Danni@hyperspace.vogon.gov>
Date: 2025-06-13 10:50 +0200
Message-ID: <102gooc$2efr3$1@paganini.bofh.team>
In reply to: #778
🇵🇱Jacek Marcin Jaworski🇵🇱 wrote:
> Hi!
> 
> Did you know about "Intel Management Engine (ME)" or "AMD Platform 
> Security Processor (PSP)"? If not, then read now:
> 
> <https://puri.sm/posts/hidden-operating-systems-in-chips-vs-secure-auditable-oses-a-cybersecurity-comparison>

This problem has been known for years - even before that critical 
vulnerability (Intel-SA-00086) from 2017.
The article says "The Management Engine in Intel devices is disabled to 
the extent possible", whatever that means.  It does not say anything 
about AMD, and there is also no reference to any known problems with 
AMD's PSP.
Apart from that, the article is a sales pitch for Purism products and is 
very much aimed at potential customers in the US.  "Made in USA" is also 
not exactly a badge of trust any more, although I'm not sure which 
alternatives could be considered better.



#783

From: Dennis V <social.ranked646@passinbox.com>
Date: 2025-09-11 23:10 +0000
Message-ID: <109vksi$306bh$2@dont-email.me>
In reply to: #779
On 2025-06-13, R Daneel Olivaw <Danni@hyperspace.vogon.gov> wrote:
> The article says "The Management Engine in Intel devices is disabled to 
> the extent possible", whatever that means.  It does not say anything 
> about AMD, and there is also no reference to any known problems with 
> AMD's PSP.

For Intel it's the HAP bit functionality (High Assurance Platform),
where a magic bit placed in the firmware makes the ME shut down after
the boot process finishes.

But even if you trust that the ME is off, there have been vulnerabilities
during booting that could bypass this
(https://www.theregister.com/2017/12/06/intel_management_engine_pwned_by_buffer_overflow/)
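A defender's check of the state Dennis describes, added here as an example and not part of any post in the thread: on Linux the mei driver exports the ME firmware status registers through sysfs, and HFSTS1 carries the "operation mode" field that reports whether the ME is running normally or was put into a disabled mode. The bit layout follows coreboot's `struct me_hfs`; the mode names (and mode 6 as the HAP-disabled state) are my recollection of coreboot's intelmetool table and are assumptions, and the sample register values are constructed.

```python
"""Decode Intel ME firmware status (HFSTS1) as exported by the Linux mei driver.

/sys/class/mei/mei0/fw_status lists HFSTS1..HFSTS6, one 8-hex-digit value per
line.  The HFSTS1 bit layout follows coreboot's `struct me_hfs`; the operation
mode names follow my recollection of coreboot's intelmetool table and are an
assumption, as is mode 6 being what a HAP-disabled ME reports.
"""
from pathlib import Path
FW_STATUS_PATH = Path("/sys/class/mei/mei0/fw_status")
# (bit offset, width, name) for HFSTS1, per coreboot's struct me_hfs
HFSTS1_FIELDS = [
    (0, 4, "working_state"),        # 5 = Normal
    (4, 1, "mfg_mode"),             # manufacturing mode still open
    (5, 1, "fpt_bad"),              # flash partition table damaged
    (6, 3, "operation_state"),
    (9, 1, "fw_init_complete"),
    (10, 1, "ft_bup_ld_flr"),       # bring-up load failure
    (11, 1, "update_in_progress"),
    (12, 4, "error_code"),
    (16, 4, "operation_mode"),
    (25, 1, "boot_options_present"),
]
OPERATION_MODES = {                 # assumption: intelmetool's decoding
    0: "Normal", 2: "Debug", 3: "Soft Temporary Disable",
    4: "Security Override via Jumper", 5: "Security Override via MEI Message",
    6: "Alt Disable Mode",          # assumed HAP-disabled state
}

def decode_hfsts1(reg: int) -> dict:
    """Split a raw 32-bit HFSTS1 value into its named fields."""
    fields = {name: (reg >> off) & ((1 << width) - 1)
              for off, width, name in HFSTS1_FIELDS}
    mode = fields["operation_mode"]
    fields["operation_mode_name"] = OPERATION_MODES.get(mode, f"Unknown (0x{mode:x})")
    return fields

def parse_fw_status(text: str) -> list[int]:
    """Parse the sysfs file body: one hex register per line, HFSTS1 first."""
    return [int(tok, 16) for tok in text.split()]

def me_reports_disabled(text: str) -> bool:
    """True when HFSTS1 reports an operation mode other than Normal."""
    return decode_hfsts1(parse_fw_status(text)[0])["operation_mode"] != 0

# Constructed sample: working_state=5, fw_init_complete=1, operation_mode=6.
SAMPLE_HAP = "00060205\n" + "00000000\n" * 5

if __name__ == "__main__":
    text = FW_STATUS_PATH.read_text() if FW_STATUS_PATH.exists() else SAMPLE_HAP
    print(decode_hfsts1(parse_fw_status(text)[0]))
```

If the sysfs file is absent (mei driver not loaded, or the ME never brought up its host interface) the script falls back to the constructed sample, so absence of the file is itself a finding worth recording rather than proof the ME is off.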



#780 — Re: Hidden Operating Systems in Chips

From: Ralf Schneider <schneiderr@freenet.de>
Date: 2025-07-30 16:04 +0000
Subject: Re: Hidden Operating Systems in Chips
Message-ID: <106dfqf$14gu0$1@gwaiyur.mb-net.net>
In reply to: #778
On Wed, 11 Jun 2025 00:41:19 +0200, 🇵🇱Jacek Marcin Jaworski🇵🇱 wrote:
> Did you know about "Intel Management Engine (ME)" or "AMD Platform
> Security Processor (PSP)"? If not, then read now:

This is really unexpected for me. How can Tails and Tor protect you now?
Was this all a deception for dummies?



#781 — Re: Hidden Operating Systems in Chips

From: Marco Moock <mm@dorfdsl.de>
Date: 2025-07-30 20:40 +0200
Subject: Re: Hidden Operating Systems in Chips
Message-ID: <20250730204056.44da627d@ryz.dorfdsl.de>
In reply to: #780
On 30.07.2025 at 16:04, Ralf Schneider wrote:

> On Wed, 11 Jun 2025 00:41:19 +0200, 🇵🇱Jacek Marcin Jaworski🇵🇱 wrote:
> > Did you know about "Intel Management Engine (ME)" or "AMD Platform
> > Security Processor (PSP)"? If not, then read now:
> 
> This is really unexpected for me.

Was known for years. :-)

> How can Tails and Tor protect you
> now?

Not at all, because the ME is technically a separate mini computer
inside your machine. It is intentionally separated from the main
components.

-- 
kind regards
Marco

Send spam to 1753884271muell@stinkedores.dorfdsl.de



#782

From: 🇵🇱Jacek Marcin Jaworski🇵🇱 <jaworski1978@adres.pl>
Date: 2025-08-26 22:43 +0200
Message-ID: <mh6kkdFtvt1U1@mid.individual.net>
In reply to: #778
On 11.06.2025 at 00:41, 🇵🇱Jacek Marcin Jaworski🇵🇱 writes:
> Hi!
> 
> Did you know about "Intel Management Engine (ME)" or "AMD Platform 
> Security Processor (PSP)"? If not, then read now:
> 
> <https://puri.sm/posts/hidden-operating-systems-in-chips-vs-secure-auditable-oses-a-cybersecurity-comparison>

quote: "The Gazelle runs light System76 Open Firmware, which is powered 
by open source Coreboot technology. This allows System76 firmware 
engineers to disable the Intel Management Engine and provide periodic 
firmware updates for further protection."

source: article titled "System76 Announces Gazelle Laptop: A Powerful 
Everyday Companion", author anonymous, URL:

<https://blog.system76.com/post/system76-announces-gazelle-laptop>


