On Tue, 2017-11-28 at 15:19 +0000, Paul Groves wrote:
On 28/11/17 15:08, Christopher Myers wrote:
I ran Intel's IME firmware bug detection tool on my Lenovo T570 today, and it said that my laptop is vulnerable and to contact my vendor. So I went to Lenovo's website and found patches...for Windows only. I'm going to bet that Lenovo won't release Linux patches, or bootable CDs with firmware patches, etc.
Out of curiosity, how are others addressing things like this? Do I really have to swap out my hard drive with a Windows version to install the patch, and then revert back to my nice safe Linux home afterwards?
I remember doing one on an old Intel Q35 chipset board.
Check in the BIOS which IME you have and download the patch from Intel. Sometimes they have Linux support and sometimes DOS support, so you can use a bootable USB. Make sure you don't try to install the wrong firmware because if you do, you're gonna have a bad time!
I found this interesting.
https://www.theinquirer.net/inquirer/news/3019569/purism-disables-intels-management-engine-on-linux-powered-laptops
I do like the idea of being able to run a laptop that doesn't have the backdoor enabled, but unfortunately work won't let us go that route (we've standardized on specific models.)

In this case, Intel's not releasing firmware directly unfortunately :/

https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

Why can’t Intel provide the necessary update for my system?
Intel is unable to provide a generic update due to management engine firmware customizations performed by system and motherboard manufacturers.