Kevin, the simpler answer here is, don't buy Intel (nor AMD). https://danluu.com/cpu-bugs/ shares some insights here - with respect to low quality, an Intel ex-employee sums up the low quality as "you have no idea", and that among other things, Intel "appears to be cutting back on validation effort", and had "an exodus of formal verification folks", as they're not competing on CPU correctness, but instead compete on price and power consumption against ARM only.
Intel will not get better, so why do you buy into it? Hopefully some day we'll have open source chips akin to SiFive Freedom U500 ( https://www.sifive.com/documentation/freedom-soc/freedom-u500-platform-brief/ . Klemens, https://en.wikipedia.org/w/index.php?title=Intel_Management_Engine&oldid=812959957 , ah so actually their ignorantly made, bug-prone, proprietary Xenix with full RAM access, runs on every single Intel chip now? Dear. > Kevin On Sat, 02 Dec 2017 03:11:23 -0500 > Perhaps the older ones but I doubt that. The latest Atom Apollo Lake E3s > even PROVIDE "Access to user memory". Which I believe means the entire > RAM and if so is quite ridiculous!! > > I am sure it will change however the current working exploits require > access to a USB port, though the OS has access and could turn malware > into HW resident malware. OpenBSD is as good a protection as you will > get there though and probably even better for future exploits. I am > still unclear as to whether a properly setup Trusted Execution Engine > can protect the system. I guess from persistent firmware invasion but > not protect kernel memory access or prevent an attacker gaining > knowledge for gadgets (if can get to a Debug USB from userland) or > worse. .. > The most ironic is Intels recent adverts for not trusting software > but HW instead. Can be true in an application specific fashion but > even then it has to be done right. > > Unfortunately the lastest hardware is much cheaper so it isn't .. > On Sat, Dec 02, 2017 at 03:11:23AM -0500, Rupert Gallagher wrote: >> IME (vPro) is included in Xeon and Core chips. Atom is clear of it. Just >> checked. > Check again. > > vPro is nothing but a collective name for various technologies such as > VT-x, VT-d and primarily Active Management Technology (AMT); these can > be part of the Management Engine's firmware depending on the package. > > Intel integrates their ME in *all* chipsets since 2006. Again: *every* > CPU manufactured by Intel ships it since then. Integration, architecture > and features have been changing immensly over time.
