Privacy & Security Tech to Be Watchful of: vPro

18 replies [Last post]
Chris

I am a member!

Offline
Joined: 04/23/2011

I just wanted to make the regulars here aware of another potential security and privacy threat from Intel called vPro. The more people who avoid this technology the better.

Most people probably know of Intel's Trusted Execution Technology, which is part of the "Trusted Computing" initiative. For those who don't know about it, read up on treacherous computing.

vPro is a component in modern Intel CPUs which enables a remote party to take control of a user's computer. Unlike with Intel's anti-theft technology, vPro does not need drivers or even an OS installed to work. It operates at a lower level and the remote user can see, hear, access, and record everything. With a GSM card your system doesn't even need to be "connected" to the Internet.

When looking at CPUs for your system or helping others I'd suggest checking the documentation on Intel's web site. Eliminate CPUs that are listed as having vPro support in addition to those which have Intel Trusted Execution technology.

Zancudo
Offline
Joined: 09/19/2012

Thank you, Chris, for pointing this out!

Half a year ago I bought the i7 3770K, because of the free driver graphics and at the same time the absence of Intel Trusted Execution technology. Possibly I read about it in this forum. I am glad it also does not have vPro!

kernelKurtz
Offline
Joined: 03/12/2013

Yes thank you.

Any pointers/tips/links on how to break/neutralize said "features"?

lembas
Offline
Joined: 05/13/2010
Cyberhawk

I am a translator!

Offline
Joined: 07/27/2010

Thanks a lot, Chris! I already heard about a similar technology being used in Apple's notebooks (but couldn't believe it). Apparently, they can be found by Apple, if stolen. The webcam and microphone, beyond other things, will be accessible, also it is possible to determine the position of the stolen notebook by satellite.

It might be the vPro from Intel, it might be some similar technology by Apple themselves.

Chris

I am a member!

Offline
Joined: 04/23/2011

Apple's almost certainly got the same technology (vPro) under the hood. Apple's using the same design firms and sourcing from the same companies as everybody else. While the overall design (appearances) differs a bit on their products, it's largely artificial. The stuff underneath is the same.

ssdclickofdeath
Offline
Joined: 05/18/2013

Do AMD Processors contain anything similar?

Chris

I am a member!

Offline
Joined: 04/23/2011

I don't know and don't really care to investigate. AMD hasn't cooperated on releasing sufficient code for their graphics chipsets. As a result there is no support in free distributions like Trisquel. Until they fix that issue they won't even be on our radar.

ssdclickofdeath
Offline
Joined: 05/18/2013

Is the vPro in a CPU or a GPU?

I'd suppose that Trisquel would run on an AMD CPU, though.

Chris

I am a member!

Offline
Joined: 04/23/2011

It is a marketing word. vPro is a set of technologies developed by Intel.
For the technology to work it requires a combination of chipsets to be
used in conjunction with support in the CPU. That is my
understanding/interpretation.

AMD may have something similar although I'm not familiar with its
equivalent (if it exists).

ahj

I am a member!

Offline
Joined: 06/03/2012

>I don't know and don't really care to investigate. AMD hasn't cooperated on releasing sufficient code for their graphics chipsets. As a result there is no support in free distributions like Trisquel. Until they fix that issue they won't even be on our radar.

I'm a little perplexed by your staunch opposition to AMD. And let me just say, I'm in no way an AMD loyalist (I currently run 0 AMD machines).

But who is the greater evil:

1. Intel, who actively works against liberating one of the most essential components of a computer (the BIOS) i.e. coreboot, and who implements hard wired code to spy on its users, a draconian and something of an Orwellian development - but they have free video drivers.

OR

2. AMD, who supports liberating the BIOS, and currently has no plans and no CPU that implements hardwired spyware in silicon to subjugate its users, and has a 95% liberated video stack? (That remaining 5%, the kernel driver, is the most valuable piece that needs to be freed).

And let's not forget the unethical business tactics that Intel has used over the last 20 years in order to monopolize the x86 market, and expand proprietary software with the Windows/Intel (Wintel) marketing strategy.

With respect, I'm not so sure that the ethical superiority of Intel is so clear as you make it.

Michał Masłowski

I am a member!

I am a translator!

Offline
Joined: 05/15/2010

> 2. AMD, who supports liberating the BIOS, and currently has no plans
> and no CPU that implements hardwired spyware in silicon to subjugate
> its users, and has a 95% liberated video stack? (That remaining 5%,
> the kernel driver, is the most valuable piece that needs to be freed).

Any source for them not having such plans? (I don't know if what [0]
describes is related.)

The kernel driver is free (at least until the "golden registers init"
was introduced [1], I don't know if these are documented or if it's ok
if AMD developers also don't know what it does), only the microcode is
nonfree (although they have nearly the same size if we count microcode
for all devices).

> With respect, I'm not so sure that the ethical superiority of Intel is
> so clear as you make it.

I agree, users who want 3d acceleration working now with Trisquel
probably disagree. (None of my devices has an Intel CPU.)

[0] http://hardware.slashdot.org/story/12/06/13/1756205/amd-and-arm-team-up
[1] e.g. http://cgit.freedesktop.org/~agd5f/linux/commit/?h=drm-next-3.10-2&id=a2c96a2112a32b332aa7bf9622b122a18caf2dfc

ssdclickofdeath
Offline
Joined: 05/18/2013

To ahj: Just buy a used Intel chip, then you won't be supporting Intel.

Chris

I am a member!

Offline
Joined: 04/23/2011

AMD does implement things we don't want in our CPUs. I'm not sure they have a vPro equivalent, though, or AMT for that matter. I do know there is other stuff in there though which is undesirable.

I don't have confidence that there will ever be a good solution from either Intel or AMD. What we need to do is invest in new hardware ventures. This is no easy feat when the majority care more about the specs and price than any other factors.

We need people to buy free software friendly hardware. Not just hardware that can be made free software friendly six months after its discontinuation. If you haven't listened to RMS's speech at the 2013 Libre Planet, I highly suggest you do. I was a bit surprised to hear him say what I've been thinking for the past several years.

Before a serious hardware investment is going to be made by anyone, the larger community needs to commit resources to proving that such an investment would pay off. People proved it with AR9271. However, that was tiny compared to a project aimed at designing a non-x86 system for free software users, or the masses. If I did my math right, such a project might be 20,000 times more expensive before it'll grab anybody's attention.

ssdclickofdeath
Offline
Joined: 05/18/2013

It was nice when electronic components were large enough that an intermediate computer user could solder together ICs on a PCB to make a (then) modern day computer.

onpon4
Offline
Joined: 05/30/2012

Hey Chris, I can't find that speech you mentioned, can you (or someone else) give a link?

Mampir
Offline
Joined: 12/16/2009

Several months ago a guy proposed a plan for making an FSF-endorsable embedded processor (at Slashdot). The guy goes by the alias of lkcl and as I understand he is also working on a freedom respecting tablet (news).

His plan for a free processor seems reasonable. It looks like this is a way we can achieve freedom respecting computers. But it won't be easy for our community, since it requires a lot of money.

> Hey Chris, I can't find that speech you mentioned, can you (or
> someone else) give a link?

I think the recording still isn't uploaded. On libreplanet.org it's written that the recordings will be uploaded in days after the event, but they still aren't. I guess Chris heard the speech because he was at LibrePlanet.

Chris

I am a member!

Offline
Joined: 04/23/2011

Yes, I was at Libre Planet and saw it live. I'll ask tomorrow though what the story is. Have to ask about something else anyway. Hmm, I think I might have been told why it wasn't posted, although it's so flimsy in my memory I won't.

lembas
Offline
Joined: 05/13/2010

>Do AMD Processors contain anything similar?

I did a search just out of curiosity and couldn't find anything built in. Apparently you can do it but you need to buy a separate network card for it. Which of course is a good thing!