From: Kevin Bowling
Date: Thu, 4 Jan 2024 11:26:34 -0700
To: arnold@skeeve.com
CC: tuhs@tuhs.org
Subject: [TUHS] Re: Question about BSD disklabel history
List-Id: The Unix Heritage Society mailing list

On Thu, Jan 4, 2024 at 1:42 AM wrote:
>
> Things have wandered a little far afield... :-)
>
> "Theodore Ts'o" wrote:
>
> > Or there's something running on a completely different x86 core with
> > unpatched security bugs in the Minix and Apache cores that you can't
> > even disable (unless you are the National Security Agency).... Sadly,
> > Intel refuses to make available the magic bits to disable the Intel
> > ME to anyone else. :-(
>
> I worked for a number of years in the design center where the firmware
> and software for the ME were developed. Although it's possible that
> the firmware developers were sworn to secrecy, I never heard anything
> about back doors for the NSA or anyone else.
>
> Intel took security and code quality in the ME very seriously,
> and during my tenure the quality of the ME firmware improved a lot.
>
> ISTR that the BIOS had settings for disabling the ME. Is that
> no longer true?
>
> I know there are lots of people who despise the ME, which I never
> understood. It was designed to solve the very real problem of remote
> PC management, and for that it works. My own feeling is, if you don't
> want the ME, buy a processor without it; there are plenty from Intel
> and AMD.

I have tried out the AMT stuff for OS development and it is a mess. I
am skeptical anyone seriously uses it. Laptops already have
microcontrollers for various functionality so it is hard to see why
the already standardized NC-SI and IPMI couldn't be applied to the
problem space in some way that is secure, standardized, and doesn't
significantly change the BOM cost.

For whatever reason, Intel makes it difficult to impossible to remove
the ME in later generations. It seems more than accidental
incompetence since people have figured out how to force it into a
brain dead state (coreboot with me_cleaner). It is doubly suspicious
that the US government has a killswitch for it that the commercial and
general public do not.

Which are the Intel CPUs without the ME? Just because a CPU doesn't
have vPro licensed doesn't mean the ME isn't there.

> Quite seriously, and with no animosity, I'd be happy to learn what
> I'm missing here.

https://en.wikipedia.org/wiki/Intel_Management_Engine has a good
enough survey and links to other sources.

It's a complete mess on the NIC too, the firmware on e1000 NICs has
all sorts of issues and much of it is related to the insane errata and
complexity of transitioning to and fro Management mode and different
interpretations of who is responsible for power management.

>
> Thanks,
>
> Arnold