1. Forum
  2. Newsgroups
  3. colsec

  • Hidden Operating Systems in Chips vs. Secure, Auditable OSes: ACybersecurity Comparison

    From jaworski1978@jaworski1978@adres.pl to pl.comp.os.linux,comp.os.linux.advocacy,comp.os.linux.security,comp.os.linux.hardware on Wed Jun 11 00:41:19 2025
    From Newsgroup: comp.os.linux.security

    Cześć!/Hi!

    Did you know about "Intel Management Engine (ME)" or "AMD Platform
    Security Processor (PSP)" if no then read now:

    <https://puri.sm/posts/hidden-operating-systems-in-chips-vs-secure-auditable-oses-a-cybersecurity-comparison>
    --
    Spokojnej nocy!/Sleep well!
    Jacek Marcin Jaworski
    Domowa s. WWW: <https://energokod.pl>;
    Mini Netykieta: <https://energokod.pl/MiniNetykieta.html>.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From R Daneel Olivaw@Danni@hyperspace.vogon.gov to comp.os.linux.security on Fri Jun 13 10:50:20 2025
    From Newsgroup: comp.os.linux.security

    🇵🇱Jacek Marcin Jaworski🇵🇱 wrote:
    Cześć!/Hi!

    Did you know about "Intel Management Engine (ME)" or "AMD Platform
    Security Processor (PSP)" if no then read now:

    <https://puri.sm/posts/hidden-operating-systems-in-chips-vs-secure-auditable-oses-a-cybersecurity-comparison>



    This problem has been known for years - even before that critical vulnerability (Intel-SA-00086) from 2017.
    The article says "The Management Engine in Intel devices is disabled to
    the extent possible", whatever that means. It does not say anything
    about AMD, and there is also no reference to any known problems with
    AMD's PSP.
    Apart from that, the article is a sales pitch for Purism Products and is
    very much aimed at potential customers in the US. "Made in USA" is also
    not exactly a badge of trust any more, although I'm not sure which alternatives could be considered better.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Ralf Schneider@schneiderr@freenet.de to comp.os.linux.security on Wed Jul 30 16:04:31 2025
    From Newsgroup: comp.os.linux.security

    Am Wed, 11 Jun 2025 00:41:19 +0200 schrieb 🇵🇱Jacek Marcin Jaworski🇵🇱:
    Did you know about "Intel Management Engine (ME)" or "AMD Platform
    Security Processor (PSP)" if no then read now:

    This is really unexpected for me. How can tails and tor protect you now ?
    Was this all a deception for dummies ?
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Marco Moock@mm@dorfdsl.de to comp.os.linux.security on Wed Jul 30 20:40:56 2025
    From Newsgroup: comp.os.linux.security

    On 30.07.2025 16:04 Uhr Ralf Schneider wrote:
    Am Wed, 11 Jun 2025 00:41:19 +0200 schrieb 🇵🇱Jacek Marcin Jaworski🇵🇱:
    Did you know about "Intel Management Engine (ME)" or "AMD
    Platform
    Security Processor (PSP)" if no then read now:

    This is really unexpected for me.
    Was known for years. :-)
    How can tails and tor protect you
    now ?
    Not at all, because the ME Is technically a separated mini computer
    inside your machine. It is intentionally separated from the main
    components.
    --
    kind regards
    Marco
    Send spam to 1753884271muell@stinkedores.dorfdsl.de
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From jaworski1978@jaworski1978@adres.pl to comp.os.linux.security,pl.comp.os.linux on Tue Aug 26 22:43:57 2025
    From Newsgroup: comp.os.linux.security

    W dniu 11.06.2025 o 00:41, 🇵🇱Jacek Marcin Jaworski🇵🇱 pisze:
    Cześć!/Hi!

    Did you know about "Intel Management Engine (ME)" or "AMD Platform
    Security Processor (PSP)" if no then read now:

    <https://puri.sm/posts/hidden-operating-systems-in-chips-vs-secure-auditable-oses-a-cybersecurity-comparison>

    quote: "The Gazelle runs light System76 Open Firmware, which is powered
    by open source Coreboot technology. This allows System76 firmware
    engineers to disable the Intel Management Engine and provide periodic
    firmware updates for further protection."

    source: art. under title "System76 Announces Gazelle Laptop: A Powerful Everyday Companion", author anonim, URL:

    <https://blog.system76.com/post/system76-announces-gazelle-laptop>

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Dennis V@social.ranked646@passinbox.com to comp.os.linux.security on Thu Sep 11 23:10:10 2025
    From Newsgroup: comp.os.linux.security

    On 2025-06-13, R Daneel Olivaw <Danni@hyperspace.vogon.gov> wrote:
    The article says "The Management Engine in Intel devices is disabled to
    the extent possible", whatever that means. It does not say anything
    about AMD, and there is also no reference to any known problems with
    AMD's PSP.

    For intel it's the HAP bit functionality (High Assurance Platform)
    where a magic bit placed in the firmware makes the ME shutdown after
    the boot process finishes.

    But even if you trust that the ME is off there have been vulnerabilities
    during booting that could bypass this
    (https://www.theregister.com/2017/12/06/ intel_management_engine_pwned_by_buffer_overflow/)

    --- Synchronet 3.21a-Linux NewsLink 1.2