Hello fellows
I was wondering which side would be better:
Having some old Thinkpad but with coreboot/linux installed and the ME therefore disabled, but having security flaws with ancient cpus and no microcode updates?
or
Having some new high end device, with proprietary uefi and just linux?
I’m bothered about those 2 options… Privacy and Security are going hand in hand for me, and with this consideration Coreboot/Libreboot just seem to be useless nowadays.
deleted by creator
If you read these two news items:
- Hackers are using leaked NSA hacking tools
- GobRAT malware written in Go language targeting Linux routers
As a REAL case and “proof of theory” example to understand what you said:
> ME therefore disabled, but having security flaws with ancient cpus and no microcode updates
The end point for me is that flashing core/libre boot enhances security + privacy more, because you use a BIOS design that is less used by the majority, so you get less impacted by the mess of vulnerable systems from hackers. The impact is mid to low (from the cases above), unless you are highly targeted. As for the flaws with microcode updates, it is not really as easy to break as we think, AND even if it's already there, made by an IT team backed by a government or a hacker gang, it still only happens if we are highly targeted. You can check this video (34C3 - Intel ME: Myths and reality) for a deep explanation of the Intel ME cleaner on Coreboot.
If you watch the Ithaka documentary movie (2021) about Julian Assange's father, you can see one moment where Assange's wife is still using a Thinkpad x220 as her daily driver for communication. I think that for someone such as Julian Assange, who knows more about privacy and security systems than us, also because of the many top experts around him, there is a high chance that the laptop is possibly installed with Libreboot / Coreboot / Wikileaks' own BIOS design imo.
If a new high end device, like you said, is more secure and private than a custom BIOS on an old Thinkpad, why is Julian Assange still using an old Thinkpad x220? Of course he can't, because he is highly targeted by governments in the world. But why did he choose a laptop that is so old to use and prone to vulnerabilities? There's a reason for him to choose an old Thinkpad rather than a new one, I think. From this information alone, I validate that using core/libre boot can enhance the security and privacy of our digital systems, based on a real case, a deep explanation standpoint, and use by the highest end user among privacy and humanity advocates (Julian Assange).
I am intrigued, can you give an example of a vulnerability as a result of no microcode updates?
Microcode updates can also be applied by the OS. Linux does this, for example, and overwrites the microcode during boot until the next power cycle.
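Added example, not part of any post in this thread: a shell script that checks the OS-side microcode loading mentioned above, reporting the revision the kernel sees, whether the kernel log records an early update at boot, and which CPU issues sysfs still marks as vulnerable. The function names are hypothetical and the sample files are constructed; the `microcode` field in `/proc/cpuinfo` is assumed to be the x86 one.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample data is constructed.

# Print each distinct microcode revision in a cpuinfo-format file (x86 field).
microcode_revisions() {
    awk -F': *' '/^microcode[ \t]*:/ { print $2 }' "${1:-/proc/cpuinfo}" | sort -u
}

# Succeed if a saved kernel log (dmesg output) records an early microcode load.
early_update_logged() {
    grep -Eiq 'microcode: .*updated early' "$1"
}

# Print "name: status" for every sysfs vulnerability entry whose status
# starts with "Vulnerable". The kernel keeps one file per known CPU issue.
still_vulnerable() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    [ -d "$dir" ] || return 0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        case "$status" in
            Vulnerable*) printf '%s: %s\n' "$(basename "$f")" "$status" ;;
        esac
    done
}

# Offline demo on constructed files that mimic the three sources above.
demo=$(mktemp -d)
mkdir "$demo/vulns"
printf 'processor\t: 0\nmicrocode\t: 0x2f\nprocessor\t: 1\nmicrocode\t: 0x2f\n' > "$demo/cpuinfo"
echo '[    0.000000] microcode: microcode updated early to revision 0x2f, date = 2019-02-17' > "$demo/dmesg"
echo 'Mitigation: PTI' > "$demo/vulns/meltdown"
echo 'Vulnerable: Clear CPU buffers attempted, no microcode' > "$demo/vulns/mds"

echo "microcode revision(s): $(microcode_revisions "$demo/cpuinfo")"
if early_update_logged "$demo/dmesg"; then
    echo "kernel log: early microcode update recorded"
else
    echo "kernel log: no early microcode update recorded"
fi
still_vulnerable "$demo/vulns"
rm -rf "$demo"
```

Called with no argument, `microcode_revisions` and `still_vulnerable` read `/proc/cpuinfo` and `/sys/devices/system/cpu/vulnerabilities` on the running system.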
Coreboot and Libreboot are useless right now since the motherboard designers meant for them to be so. If I could install Libreboot on everything, I’d be the happiest I could be, but that is sadly not possible. I’m surprised Google still pushes out Coreboot for every Chromebook they have, although Chromebooks are a different kind of cancer to deal with.