Intel can steal all your crypto-assets

Hello folks,

sorry for bursting this cozy bubble a little bit which this community seems to have come to carefully foster, but we do have quite a bit of an elephant in the room.

The FSF published a great article about a painful issue about which many of us who should know better prefer to keep their heads buried in the sand.

Intel & ME, and why we should get rid of ME

If you did not know, built into all modern Intel-based platforms is a small, low-power computer subsystem called the Intel Management Engine (ME). It performs various tasks while the system is in sleep mode, during the boot process, and also when your system is running.

Architecturally, the ME varies from model to model, and over the past decade it has been growing in complexity. In general, it consists of of one or more processor cores, memory, system clock, internal bus, and reserved protected memory used as part of its own cryptography engine. It has its own operating system and suite of programs, and it has access to the main system's memory, as well as access to the network through the Intel Gigabit Ethernet Controller. If you had control over the ME, then it would be a powerful subsystem that could be used for security and administration of your device.

The ME firmware runs various proprietary programs created by Intel for the platform, including its infamous Active Management Technology (AMT), Intel's Boot Guard, and an audio and video Digital Restrictions Management system specifically for ultra-high definition media called "Intel Insider." While some of this technology is marketed to provide you with convenience and protection, what it requires from you, the user, is to give up control over your computer. This control benefits Intel, their business partners, and large media companies. Intel is effectively leasing-out to the third-parties the rights to control how, if, and when you can access certain data and software on your machine.

Leah Woods of GNU Libreboot states that the "Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored."

At this time, developing free replacement firmware for the ME is basically impossible. The only entity capable of replacing the ME firmware is Intel and its OEM partners. And, since the ME is a control hub for your machine, you can no longer simply disable the ME like you could on earlier models, such as the Libreboot X200 laptop.

[...]

https://www.fsf.org/blogs/licensing/intel-me-and-why-we-should-get-rid-of-me

Phones and other mobile devices have similar problems. Only things like paper wallets are safe, but not practicable for all potential and imaginable use-cases beyond savings.

We must solve this problem before we can seriously continue with all this crypto self-ownership stuff, or we can all basically go home!

We need free and open hardware NOW! We need to create and support projects in this direction!

Many have tried and failed to compete with Intel, so it's going to be a long hard road. We need to attack them from all sides: political and technological.

I just want to spread some awareness about this, otherwise everything we're doing here and in other crypto communities will have to impact on the real world out there, we'd just be like children playing with toys.

Thank you all for your attention!