Language Selection

English French German Italian Portuguese Spanish

Security: Intel Management Engine (ME), Snyk FUD, and Latest Security Updates

Filed under
Security
  • Replacing x86 firmware with Linux and Go

    The Intel Management Engine (ME), which is a separate processor and operating system running outside of user control on most x86 systems, has long been of concern to users who are security and privacy conscious. Google and others have been working on ways to eliminate as much of that functionality as possible (while still being able to boot and run the system). Ronald Minnich from Google came to Prague to talk about those efforts at the 2017 Embedded Linux Conference Europe.

    He began by noting that most times he is talking about firmware, it is with his coreboot hat on. But he removed said "very nice hat", since his talk was "not a coreboot talk". He listed a number of people who had worked on the project to "replace your exploit-ridden firmware with a Linux kernel", including several from partner companies (Two Sigma, Cisco, and Horizon Computing) as well as several other Google employees.

    The results they achieved were to drop the boot time on an Open Compute Project (OCP) node from eight minutes to 20 seconds. To his way of thinking, that is "maybe the single least important part" of this work, he said. All of the user-space parts of the boot process are written in Go; that includes everything in initramfs, including init. This brings Linux performance, reliability, and security to the boot process and they were able to eliminate all of the ME and UEFI post-boot activity from the boot process.

  • Interview: Why are open-source security vulnerabilities rising? [Ed: Snyk is a FUD firm. It has been smearing Free software a lot lately in an effort to just sell its services.]
  • Security updates for Wednesday

More in Tux Machines

Linux-driven embedded PCs target autonomous cars

Kontron announced two Ubuntu-driven computers for autonomous vehicles. The S2000 is a lab dev platform with a Xeon 8160T and the EvoTRAC S1901 offers a choice of Kontron modules including a new Atom C3000 based, Type 7 COMe-bDV7R. Kontron has launched a Kontron’s S2000 Development Platform for developing autonomous in-vehicle computers and is prepping an EvoTRAC S1901 in-vehicle PC for use in advanced automotive applications, including autonomous vehicles. Both systems ship with Intel processors running a pre-installed Ubuntu 16.04 LTS Linux stack. The systems follow earlier Kontron automotive computers such as the EvoTrac G102 in-vehicle cellular gateway. Read more

OpenBSD 6.4 Released - Disables SMT/HT By Default, Updates Radeon DRM

Adding to the exciting release day is Theo de Raadt releasing OpenBSD 6.4 as the newest version of this BSD operating system known for its security mindfulness. Exciting us from a technical standpoint and for anyone using OpenBSD on the desktop is a newer Radeon DRM display driver, but it's still very dated compared to what is found in the mainline Linux kernel. Their Radeon DRM driver is now synced against the Linux 4.4.155 LTS upstream state that then provides mode-setting support for various GCN 1.0/1.1 graphics cards as a new feature to OpenBSD... But newer GPUs and the many other open-source AMD improvements past Linux 4.4 haven't made their way into the OpenBSD world yet. Even still, Radeon graphics remain among the best supported options for what is available to OpenBSD users. The Radeon DRM code is also now available for 64-bit ARM OpenBSD users. Read more Direct: OpenBSD 6.4 LWN: OpenBSD 6.4

Android Leftovers

NVIDIA GeForce RTX 2070 OpenCL, CUDA, TensorFlow GPU Compute Benchmarks

Here are the first of our benchmarks for the GeForce RTX 2070 graphics card that launched this week. In our inaugural Ubuntu Linux benchmarking with the GeForce RTX 2070 is a look at the OpenCL / CUDA GPU computing performance including with TensorFlow and various models being tested on the GPU. The benchmarks are compared to an assortment of available graphics cards and also include metrics for power consumption, performance-per-Watt, and performance-per-dollar. Read more