[Dev] The Theova Question

[Freemor]

On Mon, Nov 25, 2019 at 11:55:11AM +0000, grizzlyuser wrote:
> On Saturday, November 23, 2019 7:04 PM, bill-auger
> <bill-auger at peers.community> wrote:
> 
> > i had the same thought recently too - grizzlyuser has also been
> > very helpful
> 
> It's very pleasant to see myself mentioned in this thread! Seing
> dedication of Parabola hackers to the project inspired me to do
> my small contributions. I'd be happy to be more involved.
> 
> However I'm not sure if it'd be appropriate for me to package
> anything, because my laptop contains Intel Management Engine.
> It's not clear if there's any practical need for IME to mess
> with built binaries / packages. Although manufacturer (Dell)
> claims ME is disabled in my configuration, intelmetool utility
> says otherwise, and I haven't yet taken the risk of bricking my
> only computer by using me_cleaner to neutralize IME.

The IME is a local concern and not a remote one. Someone would have to be on
your local network segment to Futz with the machine and that is only if you are 
using one of the "blessed" NICs (like the built in Ethernet or wifi). We also
have a build host "Beefcake" that you could build things on if you are still
worried. 

A lot has been made of the IME because of its ring -3 ness But any
maliciousness is theoretical at best (bugginess has been proven. But no one has
found code that would do thing all on its own). And as I said above
to use it as a backdoor someone has to directly access the machine or be on the
same network segment (LAN) while you are using one of the Blessed NICs

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20191125/92ecba4d/attachment.sig>