Uncategorized

Reversing Intel ME’s ROMP module

Reverse-engineering the Intel Management Engine’s ROMP module
Youness Alaoui, Hardware enablement developer

Last month, while I was waiting for hardware to arrive and undergo troubleshooting, I had some spare time to begin some Intel ME reverse engineering work. First, I need to give some shout out to Igor Skochinsky, a Hex-Rays developer, who had been working on reverse engineering the Intel ME for a while, and who has been very generous in sharing his notes and research on the ME with us, which is going to be a huge help and cut down months of reverse engineering and guesswork. Igor was very helpful in getting me to understand the bits that didn’t make sense to me. The first thing I wanted to try and reverse was the ROMP module. It is one of the two modules that me_cleaner doesn’t remove, and given how small it is (less than 1KB of code+data), I thought it would be a good starting point. Turns out my hunch was right, as I finished reverse engineering that module after only a couple of days.[…]

https://puri.sm/posts/reverse-engineering-the-intel-management-engine-romp-module/

https://github.com/kakaroto/purism-playground

Standard
Uncategorized

Purism and Trammell Hudson partnership

It looks like Purism is going to use Heads now! I hope other OEMs consider some of the features Heads offers.

http://www.marketwired.com/press-release/security-researcher-trammell-hudson-device-maker-purism-join-forces-set-new-standard-2209477.htm

http://finance.yahoo.com/news/security-researcher-trammell-hudson-device-160000558.html

https://puri.sm/posts/purism-collaborates-with-heads-project-to-co-develop-security-focused-laptops/

Standard
Uncategorized

Purism Librem 13 coreboot update

Here are the news you’ve been waiting for: the coreboot port for the Librem 13 v1 is 100% done! I fixed all of the remaining issues, it is now fully working and is stable, ready for others to enjoy. I fixed the instability problem with the M.2 SATA port, finished running all the tests to ensure coreboot is working correctly, fixed the headphone jack that was not working, made the boot prettier, and started investigating the Intel Management Engine issue. Read on for details.[…]

https://puri.sm/posts/librem-13-coreboot-report-february-25th-2017/

 

Standard
Uncategorized

Purism announces advisory board

Purism announces advisory board, and one of the members is Linux firmware security expert Matthew Garrett, which is good news:

http://www.prweb.com/releases/2016/09/prweb13650532.htm

 

 

Standard
Uncategorized

Purism’s secure tablet

Purism started making laptops, but have now extended to tablets. Their current IndieGoGo-based funding effort only has 3 days left!

 

Purism builds a secure tablet with physical wi-fi and camera switches

 

https://www.indiegogo.com/projects/librem-2-in-1-tablet-that-does-not-track-you#/

Standard
Uncategorized

Petition for Intel to build a no-ME system

Here is where to sign:

Petition for Intel to Release an ME-less CPU design

I hope someone does a petition to get the Stateless Laptop built. If Intel builds a new ME-less system, it should also be building this Stateless system as part of it.

http://blog.invisiblethings.org/2015/12/23/state_harmful.html

AND… I don’t understand why OEMs are dancing around with tamper resistant screws. IMO, a system needs a lock, a good one, since lockpicking is a normal hacker sport, most locks are useless. A good laptop should have a lock to prevent casual evil maids. The Google Chromebox Pixel Developer Mode scew is nice, but an evil maid could also use that, no lock. Cars have locks. Houses have locks. Computer server rooms have locks. Data contained in laptops are often worth more than cars and houses. Why do modern expensive computers have no locks? Cost? Governments would not want them, harder to access boxes going through customs? I want a Stateless Laptop, with a secure metal enclosure and a good quality lock. Then I’ll keep the key and thumbdrives with me, and just deal with rubberhose attacks, not evil maid attacks.

Standard