Furthermore, Intel published SA 112 last week which describes three RCE vulnerabilities, as in remote code execution (!), in all Intel Management Engines since v3.x (Core 2 Duo generation and newer).

intel.com/content/www/us/en/se

Follow

@Kensan “The Intel® CSME firmware for the following products is no longer supported. These products will not receive a firmware update: Intel® Core™ 2 Duo vPro™, Intel® Centrino™ 2 vPro™, 1st Generation Intel® Core™, 2nd Generation Intel® Core™, 3rd Generation Intel® Core™.” if these are no longer supported then why not open source them?

‘We don't offer support, but we can't let you fix it either.’ ― such business practices should be illegal.
(╯°□°)╯︵ ┻━┻

@kmicu My guess is that the ME code is littered with IP issues so aside from the technical issues the potential legal ramifications may keep the status quo.

@Kensan That’s certainly true from Intel’s perspective. It also generates profits, because now consumers need to buy new maintained (today) CPUs and throw away old one.

From consumers’ perspective that looks like an exploitation. Also, limiting product re‑usability is not healthy to the environment.

Like with GDPR, we could make such practices illegal (at least in Europe).

PS I am only venting here and waiting for some RISCier alternatives ;)

@kmicu Yes, sorry for not making it clear: I wholeheartedly agree and do not like the current state. Please vent away :)

@Kensan now I need to return the favor.

I am sorry for not stating it clearly: I did not assume you are defending Intel, only that you understand its position; which is good.

I love your posts and insights. Keep them coming!
😉👉👉

@kmicu Thank you, very kind of you to say! 🙇‍♂️

@Kensan

Another reason is that the code may be shared with the newer (supported) models, and opening it for audit by everyone will likely lead to the vulnerabilities in newer models being exposed. Security through obscurity, in other words. Or insecurity on purpose…

WRT the "I.P." issue: this may be the reason why (FL)OSHW (software too, but to a lesser degree) may not be gifted by a MegaCorp, but only developed from the ground up.

@kmicu

@Kensan @kmicu
P.S. Personally, I think #patents, and #copyright in general, are counter-productive and have to be abolished ASAP. Their presence in the legislation is as tolerable as e.g. slavery or torture.
Maybe we could make a huge crowdfunding campaign to buy enough members of the respective parliaments to make this happen? 🤔
Or there is just not enough money in hands of those who might be interested in the changes?…

@kmicu @Kensan Intel only designs their CPUs to have a 7 year lifespan and support cycle. All of these CPUs are that old or older.

@kmicu @Kensan the fact that we even got microcode updates for these CPUs to mitigate Meltdown and Spectre is lucky enough unfortunately

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!