Hacker News new | past | comments | ask | show | jobs | submit login

The issue I have is companies like Google and Puri.sm have asked Intel and AMD for a blank signed blob that completely disables ME but they have refused this. It would take them literally no time at all. This raises all sorts of red flags that something dodgy is going on.

If you had the chance to make a supplier who creates millions of chromebooks happy, wouldn't you take every opportunity to help them, especially if it costs you little to no money at all. Obviously there is a big reason why they don't want this backdoor removed.




Which is why someone with deep enough pockets and some help by the community (crowdfunding?) should invest in making open alternatives possible. Thousands of people have been laid off in the past by big silicon corporations, I refuse to believe there aren't 10 of those people in the world who caannot be hired to design an open platform. It doesn't have to be fast as modern processors; if it allows opening a webpage at acceptable speed or playing a video at 30fps 720p that is more than enough for most us, and more importantly would send a huge message. Many would of course disagree, mainly gamers who would sell their soul to the devil for a faster graphics card or other people who don't care about their privacy. Once the design is done, it comes the fab. Decades ago any company would have to set up its own but today there are fabless companies who design chips and fabs producing them for various customers, so it's just a matter of money. The goal isn't to create an alternative with respect to computing power, but rather in usage. The message is "we're not using your bugged shit to communicate among us or keep our data".


halvar flake (Google P0 security guy) talk a bit about it in the last Black Hat Asia : https://www.youtube.com/watch?v=JCa3PBt4r-k.

Basically he says that even Google is puny (in terms of production units) in front of Intel or Samsung, and cannot ask for custom firmwares.

Hardware security is currently a shit show because of global monopolies/"oligopolies".


If Google is tiny in Intel's eyes, who isn't?

They operate a top 3 cloud service and have enormous internal data centers as well.


Companies that act as OEMs for enterprises most likely have a larger footprint of Intel installs than Google. Any single companies usage of a product is dwarfed by how much effective installs a large OEM might have.

Maybe if Lenovo, Toshiba, Acer, Dell, etc all asked Intel to provide said blobs (and the threat was tangible) then they would probably reconsider.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: