"Disabled" is something done with a configuration option, and you are "politely asking it to do X". The application can ignore the setting. The ME does not seem to ignore it.

You are confusing it with "removed".

She is saying that until the ME reads the config and executes the action it is active (and vulnerable).

Since you don't explain what this "early ME code bypass" hack is, it involves writing stuff to the flash chip. Even without the ME you're screwed if someone can do that.

Sadly on most systems it's easy to do so. What about your own Power boards? Does the firmware have a hardware switch to go in read-only mode? Will you consider implementing that?

In Silicon Valley and many other areas you will find office upon office where dozens of coders spend 8-12 hours every day using MBPs to write code at their desk and are always plugged in. They only require battery when attending meetings for a few hours at a time.
​​​​​​
​​​We have found 3- 4 hours for modest use like image editing, web browsing, or similar office tasks.

The whole problem with the ME is that you (and I) really have no idea what it does due to the way it's designed. You argue setting the HAP bit stops further apps from running, and with just as much evidence I could claim it shifts the ME into a mode where it remotely accepts a specially crafted non-IP key handshake for government access to / control of the system (given its specced origins, this is not a totally off the wall idea).

Not at all. See the dictionary: https://www.merriam-webster.com/dictionary/disable

"to make ineffective or inoperative"

The ME must have an effect, or the system would boot without it. Therefore, it is NOT disabled.

So not disabled then, right?

And you can 100% guarantee that it isn't vulnerable in any other way?

There are read-only switches on the board for exactly that purpose. FW needs a bit more work to enable them (right now if you actually shut off write the FW isn't happy as it wants to cache VPD entries) but this is an actual goal we are working toward and can retroactively enable on all of our hardware.

Plus, even now, it's not that easy. The root keys are stored in the CPU, so just altering the Flash isn't sufficient.

He is talking of the more "free" type of workers, artists and freelancers that are the backbone of Apple's reputation and brand recognition.
And yes, they commonly value long battery life.

If it wasn't for them that set the brand as desirable, the corporate drones you mention would be tapping away on HP or Dell laptops instead.

Honestly, putting a dGPU in all workstation laptops makes little sense. The most graphically demanding thing I use for work is a web browser, and an integrated GPU is good enough even for accelerating image editing.

Since Thunderbolt exists, I think there would be plenty of people who'd rather have an integrated GPU on the go, and the possibility to hook external one up if it's needed for something like playing games outside of work.

We found 3-4 hours of while running web apps, office apps, or image editing.

That's not how evidence works. HAP bit is shown to stop further interaction with known documented API.

Your claim is on the same level of saying the ME can contact aliens with a beam of psychic energy.

With the setting it is indeed "ineffective" and "inoperative", after it has read it and executed it.

If you want something that does not need to read a setting you are looking for "removed"

It is disabled after the board init phase, which means after the first 100ms or whatever when you press the power button.

And you can 100% guarantee that your Power CPUs don't in fact contain another CPU running a secret OS that is accessible only by using secret and undocumented instructions?
(which is actually shown to be possible and somewhat true for some older VIA CPUs where you do have such instructions to do nice things)
Fuck off with this bs.

While on Intel in most cases firmware access is widely available and anything can write to it.

And no vendor has ever published wrong, incomplete, or misleading public API documentation? You've seen the full, complete source code of the ME and can guarantee the API and configuration bits do exactly what they state, with no unwanted / undocumented side effects?

If you haven't, you are just blindly trusting a vendor with zero legal recourse if anything goes sideways. That's not how security and associated auditing / hardening works.

And at this point, it's fairly clear you have a machine with a "disabled" ME that you want to feel safe using, and are perfectly willing to bury your head in the sand (figuratively) to keep that safe feeling. That's fine, but also insufficient for us that need real security vs. a mere feeling of safety.

It's reasonable to assume most malware targeting it will use its API and not assume it is in a weird undefined mode that can only be enabled by enabling an undocumented switch.

I'm not trying to hide from the Big Brother, I'm trying to avoid malware.

This is SIL-4 (safety-critical) certification lol, not even Linux that is opensource can seriously guarantee that.

You are always blindly trusting a vendor, yours is just a different line in the sand.
We are all blindly trusting Torvalds too that some kernel API or subsystem isn't actually wrong, and sometimes bugs happen and systems can be compromised.

We are all blindly trusting that the CPU actually works as documented.
The processor isn't opensource, it may very well have undocumented instructions that do whatever.
Old VIA processors had some fun stuff like "instant privilege escalation" CPU instructions for example.

Can you guarantee Power processors don't have that? No you can't. Ops, you are just blindly trusting a vendor with zero legal recourse if anything goes sideways, fuck you very much.

You have a very wrong idea of how security works. Security audits don't usually claim vulnerabilities until they have proof of it.

that I'm waiting for a true half-decent fullstack open system before committing to the limitations of a different architecture.
Power is cool but I don't feel it is worth it.

I'm on AMD, btw. More because of Intel CPU vulnerabilities than because of ME. Yes I know there is the PSP

I don't agree with that.

I try to do both; I don't like being spied on or having the potential for data theft regardless of what the actual entity engaging in such activities happens to be -- whether Google or a black hat, my data is none of their business unless I explicitly allow them (or the general public) access to some piece of it.

Perhaps not, but I also know I'm allowed to patch and modify the kernel as events transpire. I am NOT permitted to do that with the ME, which means that the concession made for Linux is not valid for the ME.

Actually, yes, there is certainly legal recourse for defective POWER systems. You can sue for hardware defects, and often win, but in general that is not the case for licensed software like the ME. See the difference, and why companies tend to put a lot more Q/A into non-mutable hardware where they have a lot more potential liability?

So you advocate no proactive security measures? Are you still using the not yet deprecated (i.e. still generally accepted as useful at the moment) weaker encryption algorithms / key lengths, or have you looked at what is likely to happen in the next few years and started using stronger encryption?

A few years ago common knowledge was Facebook / Google were OKish entities, and those that said otherwise were ridiculed in a similar manner. How are they seen now in the wake of things like Cambridge Analytica? A proper security stance looks heuristically at all elements, looking to past and likely future possibilities, in addition to the total technically possible access level of a hardware or software component (which is oftentimes a good indicator of what the company is actually doing or will end up doing).

Interesting. With POWER an open ISA etc., what would you be looking for in addition?