
I used an RPi in the past as my main desktop. Why I went for this:

- It's not an Intel platform (trust issues due to IME)

- Power consumption low enough for running 24/7

- Noise - it's quiet enough so it does not disturb me while sleeping

- No support for weird power management, machines going dark for no discernible reason has always been bugging me

What I really disliked was the instability of SD cards, and the media playback was mediocre back then due to a lack of HW accelerators.



> It's not an Intel platform (trust issues due to IME)

See, this is what I don't understand, the Pi's GPU is running a huge pile of closed source proprietary code as well, and at a first approximation has full system visibility too (ignoring it apparently has a bug limiting its actual view of all system RAM on the higher capacity models). It could in theory be injecting/monitoring the NIC as well. AKA, it's just as privileged as the ME.

So why do you "trust" it more than the Intel? If anything the Intel probably has 100x as many security researchers analyzing it.

Also RE power, the Pi idle power tends to be quite poor. Mine idles at ~4W, which is worse than a number of low end Intel machines I have, so for something that might sit idle for >12H a day, it might be less efficient than recent Intel machines.


> ignoring it apparently has a bug limiting its actual view of all system ram on the higher capacity models

AFAIK that SoC had big and little DMA engines. The little engines can't reach the upper half of memory but the bigger ones can, which means you can just use the big DMA engines to muck with any RAM you yourself can't directly see. It's annoying for practical purposes but it doesn't have any security value.


> It could in theory be injecting/monitoring the nic as well.

Intel is known to do this shit, Broadcom isn't, yet.

I'd always prefer a blob on the boot partition over an EEPROM that I can't access without disassembly.


When the machine owner asks for it, has there been a case where it's been caught sending packets otherwise?

I mean it's a "feature" being sold, if you get a vPro/AMT machine it still needs to be turned on (the couple I have, have BIOS options for enabling/disabling the management features).


There was no proof of the whole NSA Prism thing either, but we still "knew" it would be there and acted as if it was there. Until Snowden leaked the stuff and we learned its name.

I'm not going to wait until the next Snowden uncovers whatever the IME is for.


> It's not an Intel platform (trust issues due to IME)

You're right to be paranoid. If only people fully grasped what the IME actually was.



