On Sat, 02 Dec 2017 03:11:23 -0500
> IME (vPro) is included in Xeon and Core chips. Atom is clear of it.
>

Just checked. Perhaps the older ones but I doubt that. The latest Atom Apollo Lake E3s even PROVIDE "Access to user memory". Which I believe means the entire RAM and if so is quite ridiculous!!

I am sure it will change however the current working exploits require access to a USB port, though the OS has access and could turn malware into HW-resident malware. OpenBSD is as good a protection as you will get there though and probably even better for future exploits.

I am still unclear as to whether a properly set up Trusted Execution Engine can protect the system. I guess from persistent firmware invasion but not protect kernel memory access or prevent an attacker gaining knowledge for gadgets (if can get to a Debug USB from userland) or worse.

Reminds me of IPv6 to some degree but worse. Take a small problem and expand it until you have potential for undermining everything.

The most ironic is Intel's recent adverts for not trusting software but HW instead. Can be true in an application specific fashion but even then it has to be done right.

Unfortunately the latest hardware is much cheaper so it isn't necessarily as simple as just using some older stuff that may just be less understood, unless you go further into obsolescence territory. AMD is *maybe* an option but they are moving higher end not cheaper by the looks of it.