The Intel management engine and the analogous from AMD creep me out so I
want to put a computer together using old processors from before these facilities came into the picture. Operating system will be Linux. I
already have AMD Sempron and Athlon processors and now I need the rest. www.pcupgrade.co.uk sells old motherboards. I have a few questions
related to my endeavour :
Is there any notion of compatibility between computer cases and
motherboards ? If yes , how do I ensure that I get a case such that an old motherboard (one with an AM2 socket) fits ?
Are there any issues related to my efforts I should be aware of ? I mean issues specific to putting a computer together from old parts.
The only experience I have in putting a computer together is adding components to a barebones computer but I've never done it from scratch.
Is there any notion of compatibility between computer cases andYes, there is, for that time, ATX, mATX and BTX existed. Check what
motherboards ? If yes , how do I ensure that I get a case such that
an old motherboard (one with an AM2 socket) fits ?
The Intel management engine and the analogous from AMD creep me out so I
want to put a computer together using old processors from before these facilities came into the picture. Operating system will be Linux. I
already have AMD Sempron and Athlon processors and now I need the rest. www.pcupgrade.co.uk sells old motherboards. I have a few questions
related to my endeavour :
Is there any notion of compatibility between computer cases and
motherboards ? If yes , how do I ensure that I get a case such that an old motherboard (one with an AM2 socket) fits ?
Are there any issues related to my efforts I should be aware of ? I mean issues specific to putting a computer together from old parts.
The only experience I have in putting a computer together is adding components to a barebones computer but I've never done it from scratch.
--
vlaho.ninja/prog
Is there any notion of compatibility between computer cases and
motherboards ? If yes , how do I ensure that I get a case such that an old motherboard (one with an AM2 socket) fits ?
Are there any issues related to my efforts I should be aware of ? I mean issues specific to putting a computer together from old parts.
The Intel management engine and the analogous from AMD creep me out so I
want to put a computer together using old processors from before these facilities came into the picture. Operating system will be Linux. I
already have AMD Sempron and Athlon processors and now I need the rest. www.pcupgrade.co.uk sells old motherboards. I have a few questions
related to my endeavour :
Is there any notion of compatibility between computer cases and
motherboards ? If yes , how do I ensure that I get a case such that an old motherboard (one with an AM2 socket) fits ?
Are there any issues related to my efforts I should be aware of ? I mean issues specific to putting a computer together from old parts.
The only experience I have in putting a computer together is adding components to a barebones computer but I've never done it from scratch.
The Intel management engine and the analogous from AMD creep me out so I
want to put a computer together using old processors from before these facilities came into the picture.
So, it really depends what you intend to do with your computer. Light
use, a little web browsing on simple web pages, email, simple stuff
probably not a problem. Heavy web browsing on heavy pages, editing
complex documents or video, encoding video... Might need a lot of
patience.
Spiros Bousbouras <spibou@gmail.com> writes:
Is there any notion of compatibility between computer cases and motherboards ? If yes , how do I ensure that I get a case such that an old motherboard (one with an AM2 socket) fits ?
ATX form factor for motherboards has been a standard for a couple of
decades now so should be OK.
Are there any issues related to my efforts I should be aware of ? I mean issues specific to putting a computer together from old parts.
RAM size and CPU performance might be an issue. I assume you'll have
SATA for storage and PCIe for video which should be fine.
As for performance, my wife had a Core2quad desktop until a couple of
years ago but it choked really hard on simple stuff in Microsoft Word. I
was surprised the CPU seemed unable to handle a simple document with
text and pictures. Now I assume you won't be running Word or Windows but performance might still be an issue, with just web browsing.
I remember I had a core2duo laptop, two cores at 1.33 GHz. It was fine
for email and a little software development with Qt but web browsing got
so painful I got something faster. This was about 10 years ago. The replacement laptop is a core i5, two cores at 2.4 GHz. It's also
starting to feel sluggish now with web browsing. Email and my little development and whatever stuff is still fine.
So, it really depends what you intend to do with your computer. Light
use, a little web browsing on simple web pages, email, simple stuff
probably not a problem. Heavy web browsing on heavy pages, editing
complex documents or video, encoding video... Might need a lot of
patience.
what is it about the intel management engine that creeps you out?It may contain a backdoor, see: https://www.fsf.org/blogs/sysadmin/the-management-engine-an-attack-on-computer-users-freedom
On 29 Nov 2021 at 14:30:41 GMT, "Anssi Saari" <as@sci.fi> wrote:
So, it really depends what you intend to do with your computer. Light
use, a little web browsing on simple web pages, email, simple stuff probably not a problem. Heavy web browsing on heavy pages, editing
complex documents or video, encoding video... Might need a lot of
patience.
Definitely put as much RAM in the machine as it can take, in order to
keep it even vaguely viable. Use SSDs as well - give the old thing every possible advantage.
What I'd actually suggest is a Pi4 or CM4/8gig though. It'll almost
certainly be quicker than an Athlon for most things and has a lot more
Linux support (don't use PiOS for your desktop though, it still has the horrific laggy mouse). You can even pull out a PCIe x1 slot, easier on a
CM4 carrier board.
Spiros Bousbouras <spibou@gmail.com> writes:
The Intel management engine and the analogous from AMD creep me out so I want to put a computer together using old processors from before these facilities came into the picture.
Is there a reason why you don’t want to buy a current platform and
disable the feature in the firmware? You might need to do a bit of
research to ensure you get something where disabling it is possible but
it seems a lot easier than building a computer from old parts.
Richard Kettlewell <invalid@invalid.invalid> wrote:
Spiros Bousbouras <spibou@gmail.com> writes:
The Intel management engine and the analogous from AMD creep me out
so I want to put a computer together using old processors from
before these facilities came into the picture.
Is there a reason why you don’t want to buy a current platform and
disable the feature in the firmware? You might need to do a bit of
research to ensure you get something where disabling it is possible
but it seems a lot easier than building a computer from old parts.
Is it possible to disable them ? https://en.wikipedia.org/wiki/AMD_Secure_Technology does not say
anything.
The Intel management engine and the analogous from AMD creep me out so I
want to put a computer together using old processors from before these facilities came into the picture. Operating system will be Linux. I
already have AMD Sempron and Athlon processors and now I need the rest. www.pcupgrade.co.uk sells old motherboards. I have a few questions
related to my endeavour :
Is there any notion of compatibility between computer cases and
motherboards ? If yes , how do I ensure that I get a case such that an old motherboard (one with an AM2 socket) fits ?
Are there any issues related to my efforts I should be aware of ? I mean issues specific to putting a computer together from old parts.
The only experience I have in putting a computer together is adding components to a barebones computer but I've never done it from scratch.
On 29/11/2021 11:26, Spiros Bousbouras wrote:
The Intel management engine and the analogous from AMD creep me out so I want to put a computer together using old processors from before these facilities came into the picture. Operating system will be Linux. I
already have AMD Sempron and Athlon processors and now I need the rest. www.pcupgrade.co.uk sells old motherboards. I have a few questions
related to my endeavour :
Is there any notion of compatibility between computer cases and motherboards ? If yes , how do I ensure that I get a case such that an old motherboard (one with an AM2 socket) fits ?
Are there any issues related to my efforts I should be aware of ? I mean issues specific to putting a computer together from old parts.
The only experience I have in putting a computer together is adding components to a barebones computer but I've never done it from scratch.
what is it about the intel management engine that creeps you out?
P.S. I have a number of spare PCs in loft up for sale if you are interested...
Asus A8N32-SLI Deluxe board with an AMD Athlon with 4GB RAM
Asus P5LD2-Deluxe with Intel processor and 4GB ram
I think I have a 3rd machine knocking about thats more recent I will
have to have a dig.
One of the problems with older motherboards, is the "bad cap" problem.If these are through-hole caps you can solder them out and replace
SH <i.love.spam@spam.com> wrote:
what is it about the intel management engine that creeps you out?
That there is a part of the processor running secret code which has
access to everything on the computer (memory , storage media ,
internet communications) and nothing in the software that you choose
to run on your computer can affect this.
Note also that these management engines are an additional large and complicated attack surface which doesn't buy *me* anything. I'm not
even sure why they're there , I mean what is the official
justification ?
I'd rather avoid Intel since their processors have had too many vulnerabilities over the years even unrelated to the management
engine.
Spiros Bousbouras <spibou@gmail.com> writes:
SH <i.love.spam@spam.com> wrote:
what is it about the intel management engine that creeps you out?
That there is a part of the processor running secret code which has
access to everything on the computer (memory , storage media ,
internet communications) and nothing in the software that you choose
to run on your computer can affect this.
You could say much the same about the CPU microcode or the platform
firmware (e.g. UEFI, or BIOS if you can find something old enough).
Disabling this stuff may reduce your total risk, but not necessarily by
as much as you hope.
On 29 Nov 2021 15:16:44 GMT
Jaimie Vandenbergh <jaimie@usually.sessile.org> wrote:
On 29 Nov 2021 at 14:30:41 GMT, "Anssi Saari" <as@sci.fi> wrote:
So, it really depends what you intend to do with your computer. Light
use, a little web browsing on simple web pages, email, simple stuff
probably not a problem. Heavy web browsing on heavy pages, editing
complex documents or video, encoding video... Might need a lot of
patience.
Definitely put as much RAM in the machine as it can take, in order to
keep it even vaguely viable. Use SSDs as well - give the old thing every
possible advantage.
As I say in <A+E9DrGA11MTXVeuJ@bongo-ra.co> , 2 gigabytes RAM work fine at present and I don't expect that my computing needs will go up.
But if it's
easy to add more , I will add more. I also don't see why SSD vs hard disk would matter to me because my current hard disk doesn't get much work.
What I'd actually suggest is a Pi4 or CM4/8gig though. It'll almost
certainly be quicker than an Athlon for most things and has a lot more
Linux support (don't use PiOS for your desktop though, it still has the
horrific laggy mouse). You can even pull out a PCIe x1 slot, easier on a
CM4 carrier board.
Several questions here :
- Do ARM processors have anything analogous to the Intel management engine ? If not then yes , that's a plus in my book. Plus I want to learn some ARM assembly so having an ARM processor would be a bonus.
- Can a Raspberry Pi offer a usual desktop experience ? For example can I expect the applications on Linux repositories to work ?
- Why would Linux be better supported on a Raspberry Pi than an AMD processor ?
As far as I know , Linux works equally well on all mainstream processors.
On Mon, 29 Nov 2021 15:34:58 +0000
SH <i.love.spam@spam.com> wrote:
On 29/11/2021 11:26, Spiros Bousbouras wrote:
The Intel management engine and the analogous from AMD creep me out so I >>> want to put a computer together using old processors from before thesewhat is it about the intel management engine that creeps you out?
facilities came into the picture. Operating system will be Linux. I
already have AMD Sempron and Athlon processors and now I need the rest.
www.pcupgrade.co.uk sells old motherboards. I have a few questions
related to my endeavour :
Is there any notion of compatibility between computer cases and
motherboards ? If yes , how do I ensure that I get a case such that an old >>> motherboard (one with an AM2 socket) fits ?
Are there any issues related to my efforts I should be aware of ? I mean >>> issues specific to putting a computer together from old parts.
The only experience I have in putting a computer together is adding
components to a barebones computer but I've never done it from scratch.
That there is a part of the processor running secret code which has access to everything on the computer (memory , storage media , internet communications) and nothing in the software that you choose to run on your computer can affect this. There is no documented way to disable it either. For Intel management engine in particular , a huge number of vulnerabilities have been found. That's the part with 0 speculation. The speculation that it may be an intended backdoor , is plausible. This is the summary. For full details see (a lot worse for Intel than for AMD)
https://en.wikipedia.org/wiki/Intel_Management_Engine
https://en.wikipedia.org/wiki/AMD_Secure_Technology
Note also that these management engines are an additional large and complicated attack surface which doesn't buy *me* anything. I'm not even sure why they're there , I mean what is the official justification ? Why should I undertake the additional risk , if I don't get anything in return ? The better performance is of almost no consequence to me and the management engines are unrelated to the better performance anyway. So , even if I wanted the better performance , it seems like a dubious deal that I should accept a greater risk as a price.
P.S. I have a number of spare PCs in loft up for sale if you are
interested...
Asus A8N32-SLI Deluxe board with an AMD Athlon with 4GB RAM
Asus P5LD2-Deluxe with Intel processor and 4GB ram
I'd rather avoid Intel since their processors have had too many vulnerabilities over the years even unrelated to the management engine. Assuming the AMD processor is old enough not to have the "secure technology" (how can one know this ?) and the computer is working , I'm interested. Email me (see header) and we'll talk privately.
I think I have a 3rd machine knocking about thats more recent I will
have to have a dig.
On 29 Nov 2021 at 18:46:48 GMT, "Spiros Bousbouras" <spibou@gmail.com>
wrote:
On 29 Nov 2021 15:16:44 GMT
Jaimie Vandenbergh <jaimie@usually.sessile.org> wrote:
On 29 Nov 2021 at 14:30:41 GMT, "Anssi Saari" <as@sci.fi> wrote:
So, it really depends what you intend to do with your computer. Light
use, a little web browsing on simple web pages, email, simple stuff
probably not a problem. Heavy web browsing on heavy pages, editing
complex documents or video, encoding video... Might need a lot of
patience.
Definitely put as much RAM in the machine as it can take, in order to
keep it even vaguely viable. Use SSDs as well - give the old thing every >>> possible advantage.
As I say in <A+E9DrGA11MTXVeuJ@bongo-ra.co> , 2 gigabytes RAM work fine at >> present and I don't expect that my computing needs will go up.
You don't use the modern web much, I take it - that forces higher specs
on you otherwise, or your view of the Internet will slowly constrict.
But if it's
easy to add more , I will add more. I also don't see why SSD vs hard disk
would matter to me because my current hard disk doesn't get much work.
Swap.
What I'd actually suggest is a Pi4 or CM4/8gig though. It'll almost
certainly be quicker than an Athlon for most things and has a lot more
Linux support (don't use PiOS for your desktop though, it still has the
horrific laggy mouse). You can even pull out a PCIe x1 slot, easier on a >>> CM4 carrier board.
Several questions here :
- Do ARM processors have anything analogous to the Intel management engine ? >> If not then yes , that's a plus in my book. Plus I want to learn some ARM
assembly so having an ARM processor would be a bonus.
I am fairly sure (but not 100%) that they do not. Raspberry have solid documentation, and I've not found an extra controller inside but also
they don't make a statement that there isn't (I mean why would they
think to?) https://www.raspberrypi.com/documentation/computers/processors.html#bcm2835
- Can a Raspberry Pi offer a usual desktop experience ? For example can I
expect the applications on Linux repositories to work ?
Yes. Full Ubuntu, Fedora, Manjaro, Kali distros/repos and more are
available.
- Why would Linux be better supported on a Raspberry Pi than an AMD processor ?
As far as I know , Linux works equally well on all mainstream processors.
I was thinking modern well-defined fixed Pi hardware would be more
likely to have current support than random 2005 Athlon boards, but it
could be comparable. AMD were very second-string back then and some
stuff never made it into mainstream Linux support - more could have
fallen out by now. Check the video, audio and network on your board of
choice are supported before purchasing.
Cheers - Jaimie
Am Mon, 29 Nov 2021 14:34:56 -0500
schrieb Paul <nospam@needed.invalid>:
One of the problems with older motherboards, is the "bad cap" problem.If these are through-hole caps you can solder them out and replace
them, I often do that if a cap fails.
On 29 Nov 2021 at 18:46:48 GMT, "Spiros Bousbouras" <spibou@gmail.com>
wrote:
- Do ARM processors have anything analogous to the Intel management engine ?
If not then yes , that's a plus in my book. Plus I want to learn some ARM assembly so having an ARM processor would be a bonus.
I am fairly sure (but not 100%) that they do not. Raspberry have solid documentation, and I've not found an extra controller inside but also
they don't make a statement that there isn't (I mean why would they
think to?) https://www.raspberrypi.com/documentation/computers/processors.html#bcm2835
On Mon, 29 Nov 2021 14:34:56 -0500
Paul <nospam@needed.invalid> wrote:
Is there a specific objective this computer has to meet ?
Is it running the heating system, recording security video,
stuck in the loft ?
General desktop usage : writing text , computer programming (nothing too long) , watching videos and DVDs , listening to audio CDs , internet browsing (mainly with a text browser.I'm not worried about slowness with a graphical browser so lets not get stuck on that) , running chess engines (I don't need maximum performance). See also <A+E9DrGA11MTXVeuJ@bongo-ra.co> in this thread.
I also have an external hard disk which I connect through a USB port. The disk
mostly has videos in 360p or 720p resolution and I want the transfer rate to be good enough that I can watch them at normal playback speed (using mplayer) .
I also want to be able to connect a DVD reader/writer ; no need for blu-ray.
On 11/29/2021 6:26 AM, Spiros Bousbouras wrote:
The Intel management engine and the analogous from AMD creep me out so I want to put a computer together using old processors from before these facilities came into the picture. Operating system will be Linux. I
already have AMD Sempron and Athlon processors and now I need the rest. www.pcupgrade.co.uk sells old motherboards. I have a few questions
related to my endeavour :
Is there any notion of compatibility between computer cases and motherboards ? If yes , how do I ensure that I get a case such that an old motherboard (one with an AM2 socket) fits ?
Are there any issues related to my efforts I should be aware of ? I mean issues specific to putting a computer together from old parts.
The only experience I have in putting a computer together is adding components to a barebones computer but I've never done it from scratch.
How many computers do you currently have ?
Is there a specific objective this computer has to meet ?
Is it running the heating system, recording security video,
stuck in the loft ?
People don't usually start building computers for no reason.
Perhaps if you described your objectives and provided some
background, we could offer some suggestions.
*******
One of the problems with older motherboards, is the "bad cap" problem.
For example, a regular poster here, he bought a "spare" motherboard.
His original motherboard failed. Well, the spare only operated
for a short time before it failed too. Viewing a picture of the
new failure, it had a leaking capacitor on it, and that's why
it is unstable and won't behave properly.
When buying the old stuff, you want materials not of that
generation, to reduce the risks involved in "investing in junk".
If it were not for the "bad capacitor era", I could be a bit
more encouraging about Smithsonian-style compute projects.
But as long as scumbags are willing to sell broken goods to
people, it's sometimes safer to buy newer kit.
You could do an RPi 4 and use an SSD for storage with it.
There's no ME on that. Some of the Pi models are in shortage
right now, and only the higher end ones might be available
(like the one with max RAM).
https://www.tomshardware.com/news/raspberry-pi-4-ssd-test,39811.html
On Mon, 29 Nov 2021 14:34:56 -0500
On Sat, 4 Dec 2021 15:56:11 -0000 (UTC)
Spiros Bousbouras <spibou@gmail.com> wrote:
On Mon, 29 Nov 2021 14:34:56 -0500
Paul <nospam@needed.invalid> wrote:
Is there a specific objective this computer has to meet ?
Is it running the heating system, recording security video,
stuck in the loft ?
General desktop usage : writing text , computer programming (nothing too
long) , watching videos and DVDs , listening to audio CDs , internet browsing
(mainly with a text browser.I'm not worried about slowness with a graphical >> browser so lets not get stuck on that) , running chess engines (I don't need >> maximum performance). See also <A+E9DrGA11MTXVeuJ@bongo-ra.co> in this
thread.
I describe my current usage also in <kAJYUx0G5jRDy4UK5@bongo-ra.co> .
I also have an external hard disk which I connect through a USB port. The disk
mostly has videos in 360p or 720p resolution and I want the transfer rate to >> be good enough that I can watch them at normal playback speed (using mplayer) .
I also want to be able to connect a DVD reader/writer ; no need for blu-ray.
Spiros Bousbouras <spibou@gmail.com> writes:
Richard Kettlewell <invalid@invalid.invalid> wrote:
Spiros Bousbouras <spibou@gmail.com> writes:
The Intel management engine and the analogous from AMD creep me out
so I want to put a computer together using old processors from
before these facilities came into the picture.
Is there a reason why you don’t want to buy a current platform and
disable the feature in the firmware? You might need to do a bit of
research to ensure you get something where disabling it is possible
but it seems a lot easier than building a computer from old parts.
Is it possible to disable them ? https://en.wikipedia.org/wiki/AMD_Secure_Technology does not say
anything.
https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fdisablingintelamt.htm
On Mon, 29 Nov 2021 20:05:24 +0000
Richard Kettlewell <invalid@invalid.invalid> wrote:
Spiros Bousbouras <spibou@gmail.com> writes:
Richard Kettlewell <invalid@invalid.invalid> wrote:
Spiros Bousbouras <spibou@gmail.com> writes:
The Intel management engine and the analogous from AMD creep me out
so I want to put a computer together using old processors from
before these facilities came into the picture.
Is there a reason why you don’t want to buy a current platform and
disable the feature in the firmware? You might need to do a bit of
research to ensure you get something where disabling it is possible
but it seems a lot easier than building a computer from old parts.
Is it possible to disable them ?
https://en.wikipedia.org/wiki/AMD_Secure_Technology does not say
anything.
https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fdisablingintelamt.htm
This page is about disabling AMT : https://en.wikipedia.org/wiki/Intel_Management_Engine :
The Management Engine is often confused with Intel AMT (Intel Active
Management Technology). AMT runs on the ME, but is only available on
processors with vPro. AMT gives device owners remote administration of
their computer,^[6] such as powering it on or off, and reinstalling the
operating system.
However, the ME itself is built into all Intel chipsets since 2008, not
only those with AMT. While AMT can be unprovisioned by the owner, there
is no official, documented way to disable the ME.^[citation needed]
Although it says "citation needed" , I find it unlikely that , if there was a way to disable the ME , someone would not have added it to the article by now. In
any case see also
https://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/ :
Various sources report that Intel's latest x86 chips contain a secret
backdoor. SoftPedia cites security expert Damien Zammit as revealing that
these Intel chips come with an embedded subsystem called the Management
Engine (ME) that functions as a separate CPU and cannot be disabled, and
the code is proprietary.
[...]
However, the ME contains the AMT instructions, which can function
similarly to wake-on-LAN. That means if the right person used the ME to
gain access to a machine, they could then take advantage of AMT and boot
the machine. Viola! Your PC is now readily available for someone with the
requisite skills to pick and choose what they want--this could include
company data.
[...]
The good news is that you can disable the AMT feature. Here's how.
* In the PC BIOS, go to Advance Chipset Feature | Intel AMT
(Enabled,Disabled)
* During boot, CTRL+P to go to AMT Menu | Intel ME Control State
(Enabled,Disabled)
There is no way to know if the ME has the ability to re-enable AMT on its
own. Why? Because no one except Intel knows what exactly it contains. So,
you could disable ATM on the machine and not know if the ME can
circumvent that BIOS setting.
On 12/5/2021 10:39 AM, Spiros Bousbouras wrote:
On Mon, 29 Nov 2021 20:05:24 +0000
Richard Kettlewell <invalid@invalid.invalid> wrote:
Spiros Bousbouras <spibou@gmail.com> writes:
https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fdisablingintelamt.htm
This page is about disabling AMT : https://en.wikipedia.org/wiki/Intel_Management_Engine :
The Management Engine is often confused with Intel AMT (Intel Active
Management Technology). AMT runs on the ME, but is only available on
processors with vPro. AMT gives device owners remote administration of
their computer,^[6] such as powering it on or off, and reinstalling the
operating system.
However, the ME itself is built into all Intel chipsets since 2008, not
only those with AMT. While AMT can be unprovisioned by the owner, there
is no official, documented way to disable the ME.^[citation needed]
Although it says "citation needed" , I find it unlikely that , if there was a
way to disable the ME , someone would not have added it to the article by now. In
any case see also
https://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/ :
Various sources report that Intel's latest x86 chips contain a secret
backdoor. SoftPedia cites security expert Damien Zammit as revealing that
these Intel chips come with an embedded subsystem called the Management
Engine (ME) that functions as a separate CPU and cannot be disabled, and
the code is proprietary.
[...]
However, the ME contains the AMT instructions, which can function
similarly to wake-on-LAN. That means if the right person used the ME to
gain access to a machine, they could then take advantage of AMT and boot
the machine. Viola! Your PC is now readily available for someone with the
requisite skills to pick and choose what they want--this could include
company data.
[...]
The good news is that you can disable the AMT feature. Here's how.
* In the PC BIOS, go to Advance Chipset Feature | Intel AMT
(Enabled,Disabled)
* During boot, CTRL+P to go to AMT Menu | Intel ME Control State
(Enabled,Disabled)
There is no way to know if the ME has the ability to re-enable AMT on its
own. Why? Because no one except Intel knows what exactly it contains. So,
you could disable ATM on the machine and not know if the ME can
circumvent that BIOS setting.
It's not a "secret" enclave, as there was at least one slide
deck about the feature set.
I've not seen a slide deck since the Wifi was added to
the more modern setups. The Intel NIC is dual-headed
(so certain NICs are needed to make it work). And it is
possible the Intel Wifi modules have dual head as well.
http://pds4.egloos.com/pds/200706/04/57/ps_adts003.pdf
Since it potentially can be used for anti-theft purposes,
that's why there can't be a hardware jumper plug to
guarantee it is off. A thief would just use that.
Spiros Bousbouras <spibou@gmail.com> writes:
SH <i.love.spam@spam.com> wrote:
what is it about the intel management engine that creeps you out?
That there is a part of the processor running secret code which has
access to everything on the computer (memory , storage media ,
internet communications) and nothing in the software that you choose
to run on your computer can affect this.
You could say much the same about the CPU microcode or the platform
firmware (e.g. UEFI, or BIOS if you can find something old enough).
Note also that these management engines are an additional large and complicated attack surface which doesn't buy *me* anything. I'm not
even sure why they're there , I mean what is the official
justification ?
Platform-level remote management.
I'd rather avoid Intel since their processors have had too many vulnerabilities over the years even unrelated to the management
engine.
How many is too many? AMD and ARM CPUs have had vulnerabilities too, and almost certainly will have more in the future.
In all cases I suspect
you’re more at risk from vulnerabilities in the software you run on
them.
Disabling this stuff may reduce your total risk, but not necessarily by
as much as you hope.
On Mon, 29 Nov 2021 20:05:24 +0000
Richard Kettlewell <invalid@invalid.invalid> wrote:
Spiros Bousbouras <spibou@gmail.com> writes:
[...]Is it possible to disable them ? https://en.wikipedia.org/wiki/AMD_Secure_Technology does not say anything.
https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fdisablingintelamt.htm
This page is about disabling AMT : https://en.wikipedia.org/wiki/Intel_Management_Engine :
The Management Engine is often confused with Intel AMT (Intel Active
Management Technology). AMT runs on the ME, but is only available on
processors with vPro. AMT gives device owners remote administration of
their computer,^[6] such as powering it on or off, and reinstalling the
operating system.
However, the ME itself is built into all Intel chipsets since 2008, not
only those with AMT. While AMT can be unprovisioned by the owner, there
is no official, documented way to disable the ME.^[citation needed]
Although it says "citation needed" , I find it unlikely that , if there was a way to disable the ME , someone would not have added it to the article by now. In
any case see also
https://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/ :
Spiros Bousbouras <spibou@gmail.com> writes:
SH <i.love.spam@spam.com> wrote:
what is it about the intel management engine that creeps you out?
That there is a part of the processor running secret code which has
access to everything on the computer (memory , storage media ,
internet communications) and nothing in the software that you choose
to run on your computer can affect this.
You could say much the same about the CPU microcode or the platform
firmware (e.g. UEFI, or BIOS if you can find something old enough).
Richard Kettlewell <invalid@invalid.invalid> wrote:
Spiros Bousbouras <spibou@gmail.com> writes:
SH <i.love.spam@spam.com> wrote:
what is it about the intel management engine that creeps you out?
That there is a part of the processor running secret code which has
access to everything on the computer (memory , storage media ,
internet communications) and nothing in the software that you choose
to run on your computer can affect this.
You could say much the same about the CPU microcode or the platform
firmware (e.g. UEFI, or BIOS if you can find something old enough).
Sorry , I forgot to reply to that part.
If you mean that CPU microcode potentially has access to the same
things then yes. But if you mean that it actually does then there's no
reason to think so. If for example I learned that , microcode of some
CPU , which microcode ostensibly exists to compute the sine fucntion ,
tries for access to the network , I would be worried.
Regarding firmware , similar considerations apply but I only have a
vague idea what firmware duties are. But one central criterion is the
same : do the accesses follow from the nature of its functions or are
they arbitrary ? If it's the latter , I'd rather avoid the extra risk.
Are you saying that the management engine serves anti-theft purposes ? How ?
On 29 Nov 2021 at 18:46:48 GMT, "Spiros Bousbouras" <spibou@gmail.com>
wrote:
On 29 Nov 2021 15:16:44 GMT
Jaimie Vandenbergh <jaimie@usually.sessile.org> wrote:
Definitely put as much RAM in the machine as it can take, in order to
keep it even vaguely viable. Use SSDs as well - give the old thing every >> possible advantage.
As I say in <A+E9DrGA11MTXVeuJ@bongo-ra.co> , 2 gigabytes RAM work fine at present and I don't expect that my computing needs will go up.
You don't use the modern web much, I take it - that forces higher specs
on you otherwise, or your view of the Internet will slowly constrict.
But if it's
easy to add more , I will add more. I also don't see why SSD vs hard disk would matter to me because my current hard disk doesn't get much work.
Swap.
What I'd actually suggest is a Pi4 or CM4/8gig though.
Jaimie Vandenbergh <jaimie@usually.sessile.org> wrote:
On 29 Nov 2021 at 18:46:48 GMT, "Spiros Bousbouras" <spibou@gmail.com> wrote:
- Do ARM processors have anything analogous to the Intel management engine ?
If not then yes , that's a plus in my book. Plus I want to learn some ARM assembly so having an ARM processor would be a bonus.
I am fairly sure (but not 100%) that they do not. Raspberry have solid documentation, and I've not found an extra controller inside but also
they don't make a statement that there isn't (I mean why would they
think to?) https://www.raspberrypi.com/documentation/computers/processors.html#bcm2835
Arm designs processors, it doesn't design chips. It's up to the chip designer
to decide what else to put in there. For example you can get the same Arm core with an Arm, Qualcomm or Broadcom GPU.
It is quite common for systems on chip to have additional microcontroller cores for managing things, for example booting, clocks, power and DDR
timing. Some of those may be exposed (as a 'system control unit'), but others aren't. For example the battery will have a microcontroller in it to keep an eye on the charging/discharging profile, the touchpad will have a microcontroller for speaking USB, etc etc. Many of those microcontrollers don't have access to system memory (especially not the ones off-chip), but some do. They don't often appear on the datasheet as a 'processor' but simply as a functional block for doing those things (eg a battery monitoring unit). Almost none of the firmware that runs on all of these pieces is open source.
In the Raspberry Pi case there's a GPU that runs closed-source firmware, so it's not unusual in that respect. Whether it's analogous to the Intel ME depends on what you're concerned about: the GPU doesn't have a network
socket on it, but then it can reach the ethernet controller (maybe another CPU!) over the memory interconnect. (Arm offers a System MMU to provide
some degree of protection here, but the RPi doesn't use one).
So if you were worried about a supply chain attack providing you malicious GPU firmware then it's not going to help. If you're worried about malicious network traffic attacking the GPU, that won't get to the GPU in normal operation.
I'm not familiar with the internals of the 15-20 year old AMD systems you're talking about, but I would be unsurprised if there were similar control processors in there for doing similar kinds of tasks - just more basic ones. And of course those systems haven't had a BIOS update in 15 years so any vulnerability lurking in there is not going to be patched. When you start building a system with a GPU, network card, storage controller, etc, that's all firmware that hasn't seen updates in a decade or more.
TL;DR: you need to boil down to exactly what is objectionable in the Intel
ME before asking whether the same threat exists on other platforms. 'Other things running software you can't see / isn't open source' is a given, on anything more complex than a Sinclair Spectrum.
| Sysop: | Keyop |
|---|---|
| Location: | Huddersfield, West Yorkshire, UK |
| Users: | 296 |
| Nodes: | 16 (2 / 14) |
| Uptime: | 60:21:02 |
| Calls: | 6,654 |
| Calls today: | 6 |
| Files: | 12,200 |
| Messages: | 5,331,392 |
