Language Selection

English French German Italian Portuguese Spanish

Security: Intel Management Engine (ME), Snyk FUD, and Latest Security Updates

Filed under
Security
  • Replacing x86 firmware with Linux and Go

    The Intel Management Engine (ME), which is a separate processor and operating system running outside of user control on most x86 systems, has long been of concern to users who are security and privacy conscious. Google and others have been working on ways to eliminate as much of that functionality as possible (while still being able to boot and run the system). Ronald Minnich from Google came to Prague to talk about those efforts at the 2017 Embedded Linux Conference Europe.

    He began by noting that most times he is talking about firmware, it is with his coreboot hat on. But he removed said "very nice hat", since his talk was "not a coreboot talk". He listed a number of people who had worked on the project to "replace your exploit-ridden firmware with a Linux kernel", including several from partner companies (Two Sigma, Cisco, and Horizon Computing) as well as several other Google employees.

    The results they achieved were to drop the boot time on an Open Compute Project (OCP) node from eight minutes to 20 seconds. To his way of thinking, that is "maybe the single least important part" of this work, he said. All of the user-space parts of the boot process are written in Go; that includes everything in initramfs, including init. This brings Linux performance, reliability, and security to the boot process and they were able to eliminate all of the ME and UEFI post-boot activity from the boot process.

  • Interview: Why are open-source security vulnerabilities rising? [Ed: Snyk is a FUD firm. It has been smearing Free software a lot lately in an effort to just sell its services.]
  • Security updates for Wednesday

More in Tux Machines

Stable kernels 4.18.2, 4.17.16, 4.14.64, 4.9.121, 4.4.149, 3.18.19 4.18.3, 4.17.17, 4.14.65, 4.9.122 and 4.4.150

Give Your Ubuntu Desktop a Flat Look Using Arc Theme

Arc theme is a beautiful flat theme with transparent element for GTK2, GTK3 and GNOME shell which supports DEs like GNOME, xfce, MATE. Here’s how to install Arc theme in Ubuntu, Linux. Read more

Opera 55 Released with Dark Theme Support, New Layout Page and many more improvements

Opera, the fast and secure web browser is a great alternative to your go-to browsers – Firefox, Chrome or Chromium in Linux. This 20+ years old web browser comes with built-in ad blocker, battery saver and free VPN. Opera 55 Released with Dark Theme Support, New Layout Page, One Click Chrome extension Installation. Here’s whats new. Read more

Linux Apps Land On Beta Channel For A Lot Of Chromebooks

A recent update to the Beta Channel of Chrome OS has brought with it a very exciting surprise. The “Crostini Project,” a.k.a. Linux Apps on Chrome OS has been floating around the Developer Channel for some time and can be found on various devices such as the Pixelbook, Kaby Lake Chromeboxes and even Apollo Lake EDU Chromebooks. Unfortunately, for those wanting to try out the new feature, moving to the sometimes-unstable Developer Channel was a requirement along with enabling the “Crostini” switch that has been hidden behind a flag. The update to Chrome OS version 69.0.3497.35 in the Beta channel has not only advanced the Crostini Project but set Linux apps on by default meaning no need to enable any experimental flags. Read more