
"It says on the page "This vulnerability does not exist on Intel-based consumer PCs." I'm not sure if that's true or not but Intel seems to think you'll be ok."

One thing to remember is that hardware costs money each time they instantiate a new mask set. Integrations cost money, too. That's on top of developing the individual components. So, a common trick in the hardware industry for a product family is to create one product that pretends to be several with a factory switch. Two examples come to mind: hard disks; mobile SoCs as embedded chips. In hard disks, there was at least one instance where a vendor had the same highest amount of space on all the drives with a switch saying how much to present to the user based on what they paid. More profitable since mass producing one platter was cheaper. Another was in machines that people thought wouldn't connect to anything since they just had standalone-ish ARM chips. They actually had wireless functionality one could turn on with the right code. The ASIC guy that told me said he determined it was a chip used in cheap, mobile phones that they probably had a volume deal on and/or surplus. So, they just changed the firmware or something to make it pretend to be something else without notifying users.

Intel's stuff costs vastly more to mask out and verify than the above examples. That means they probably reuse silicon for anything that ends up in a lot of processors while turning some of it off with a hardware or firmware switch at the factory depending on what people bought. We can't know if any of this remote access is similar. That means that, if you don't want that, you can't trust any Intel CPUs made after that was introduced. Back to buying used multi-CPU boxes with 3GHz P4s. :)

Note: The PowerPC Amigas like MorphOS suddenly look like they could have a purpose. Beautiful desktop with good performance that's probably not backdoored. Yet.

A big problem is that you cannot trust that the bits you don't want are irreversibly fused off and not just left disabled by the current microcode/firmware. Intel once sold a software switch to enable more L2 cache on a low-end CPU, so you really can't presume that any of their product segmentation switches are truly permanent once they've left the factory.

When Intel indicates that my B250 and Z270 chipsets don't support AMT, it's still quite possible that the ME firmware on those motherboards has the vulnerable code present but not currently running.

In that case, one has to spend extra money on ChipWorks tearing it down to verify that what they saw in the other one was removed. There are also companies that sell such equipment.
