Which "other parts" do you mean? The GPU blob or Raspbian? You don't need to use the stock distribution.

On 07.12.2016 23:10, Duncan Guthrie wrote:
> What I was originally getting at was that the parts of the Raspberry Pi
> that are completely proprietary - while there is a free software
> implementation of the GPU blob, most people don't use that, as they are
> on stock Raspbian, which includes all the nasty "other parts" - are a
> great possibility for hijacking, perhaps through malicious code running
> on the GPU, which controls the CPU in several ways. The problem with
> this isn't that this is unique (Intel computers having so much more
> attack surface) but that a flaw in lots of these small computers that
> power a portion of the network means that an exploit in them due to lack
> of diversity would be much more serious.

Better lots of these small computers than none ...

> The management engine blob is also very serious. One possible mitigation
> might be to run the relays in VMs with good isolation, e.g. Xen on
> recent hardware which has good IOMMU. This makes it much harder to
> exploit the actual software that runs on the ME since the VMs would, in
> theory, have no access to hardware.
>
> It should be of concern on any hardware that is being used for related
> purposes, I think. However, whether it works out in practice as a
> backdoor that is worth exploiting vs other methods is debatable.
>
> Regardless, diversity is good.

That's true!

Regards,

> On 07/12/16 20:35, Gumby wrote:
>> Subject seems to have changed a bit, so not hijacking it.
>> When thinking of any exploitation of firmware - should there be
>> concerns of Intel's Management Engine in the CPU of any relays
>> running on "home hardware" in any common unused pc or laptop?
>> Should that be a concern on ANY newer Intel hardware?
>>
>> Gumby

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays