-----Original Message----- From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of grarpamp Sent: Friday, December 09, 2016 11:18 AM To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Exploiting firmware
Intel ME/AMT concerns me too
AMD Family 15h itself is safe.
No one has any proof of that for any modern cpu from any maker, featureset irrelavant. They all accept microcode updates, which btw are all encrypted closed binary blobs. And the chips themselves are fully closed >source containing billions of transistors. You simply have no idea what's in there and no way to economically and publicly test or negotiate to find out and openly publish it all.
Talking about known shit like advertised ME/AMT + LM-NIC's corp management platform is fine, you might be able to mitigate. But it's the unknown that will kill you.
Billions of secret transistors... billions. Not good, and not necessary.
Agreed. Effort spent on guessing which closed source processor is safe is a wasted effort, and any conclusion that a certain processor is "safe" is a dangerous delusion resulting in flawed threat models. Just modify your threat model with the compromised processor assumption, calculate the risk of your specific computer being targeted, mitigate to the extent possible and get on with your life.
Rana