Language Selection

English French German Italian Portuguese Spanish

Security: Intel Management Engine (ME), Snyk FUD, and Latest Security Updates

Filed under
  • Replacing x86 firmware with Linux and Go

    The Intel Management Engine (ME), which is a separate processor and operating system running outside of user control on most x86 systems, has long been of concern to users who are security and privacy conscious. Google and others have been working on ways to eliminate as much of that functionality as possible (while still being able to boot and run the system). Ronald Minnich from Google came to Prague to talk about those efforts at the 2017 Embedded Linux Conference Europe.

    He began by noting that most times he is talking about firmware, it is with his coreboot hat on. But he removed said "very nice hat", since his talk was "not a coreboot talk". He listed a number of people who had worked on the project to "replace your exploit-ridden firmware with a Linux kernel", including several from partner companies (Two Sigma, Cisco, and Horizon Computing) as well as several other Google employees.

    The results they achieved were to drop the boot time on an Open Compute Project (OCP) node from eight minutes to 20 seconds. To his way of thinking, that is "maybe the single least important part" of this work, he said. All of the user-space parts of the boot process are written in Go; that includes everything in initramfs, including init. This brings Linux performance, reliability, and security to the boot process and they were able to eliminate all of the ME and UEFI post-boot activity from the boot process.

  • Interview: Why are open-source security vulnerabilities rising? [Ed: Snyk is a FUD firm. It has been smearing Free software a lot lately in an effort to just sell its services.]
  • Security updates for Wednesday

More in Tux Machines

Type Title Author Replies Last Postsort icon
Story OSS Leftovers Roy Schestowitz 23/03/2018 - 4:10am
Story Anti-Linux, Entryism, Openwashing and FUD Roy Schestowitz 23/03/2018 - 4:08am
Story The Kernel Self-Protection project aims to make Linux more secure Roy Schestowitz 23/03/2018 - 3:51am
Story Los Alamos Releases File Index Product to Open Source Roy Schestowitz 23/03/2018 - 3:37am
Story A side-by-side comparison of MongoDB and Cassandra databases Roy Schestowitz 23/03/2018 - 3:26am
Story This is the New Ubuntu 18.04 Default Wallpaper Roy Schestowitz 23/03/2018 - 3:23am
Story Node.js Is Now Available as a Snap on Ubuntu, Other GNU/Linux Distributions Rianne Schestowitz 22/03/2018 - 8:37pm
Story Modular PLC platform runs Linux on Allwinner H5 Rianne Schestowitz 22/03/2018 - 8:33pm
Story today's leftovers Roy Schestowitz 22/03/2018 - 5:46pm
Story U-Boot 2018.03 Released Roy Schestowitz 22/03/2018 - 5:41pm