Hey /g/. I am trying to get a laptop without hardware backdoors for just in case. Do you know since when this shit got implemented anywhere. Pentium 4, 3 or even older?
Stallman thinks his X60 is safe, so probably any CD or C2D is safe.
>>59663364
So a core2duo is the most modern hardware without kow level backdoors you mean? Basically everthing before the i-series i guess?
>>59663465
*low
>>59663338
The key is Libreboot.
If Libreboot supports it, you're uncompromised. Old Intel, old AMD, or ARM.
>>59663338
You can get a laptop with a Core Duo but some have the Intel ME on the main board or on the wireless card. Most Core2 Duos have the ME embedded inside of the CPU itself. You can fully disable the ME on everything before the Core i series without breaking any functionality, but with this you need to provide modified firmware to do hardware initialization as that's one of the jobs of the ME. That's where Libreboot comes in. So from the pic you can see the EEPROM where the BIOS and some of the ME firmware are stored. You can flash that chip on any laptop but on the newer core i ones, tampering with the ME firmware to make it inaccessible will cause the computer to reboot every 30 minutes. Most people who have worked with the IntelME that I've talked to agree that this is because firmware made for power and core regulation are kept on that chip. There is hope though. The ME is very modular to make things easier for vendors so some geniuses came up with a way to disable some of the core functions of the ME to "neutralize" it.
Link: https://github.com/corna/me_cleaner
I personally don't trust the new method because the ME is still running. It's not ideal but it's the best we have unless you want to use a Libreboot supported machine. Nonetheless, I have used ME Cleaner on a T420 because I might as well while I'm flashing Coreboot and SeaBIOS. The laptop has been working fine for a few months. For any laptop with UEFI I suggest you use something like Coreboot regardless of what you do with the ME because UEFI is a clusterfuck. It's big, bloated, and proven to be easily exploited by skids as of 2014 or so if they get physical access.
>>59663576
What about modern ARM? Are they very compromised?
Speaking of, why haven't there been more proper attempts at making good relatively powerful ARM laptops?
>>59664615
Not him but ARM is proprietary and generally just less powerful. A majority of ARM devices also require non-free binaries to operate. Raspberry Pi is a viable alternative if they release all of the source code for their computers. They're also extremely powerful, efficient, and cheap. I'll keep my fingers crossed.
That other anon also forgot to mention that you need to install Libreboot. Your machine can be supported but still have hardware backdoors that aren't fully disabled until you flash Libreboot. An example is the T400 I'm typing this from. There is an Intel ME in it but it's disabled. The quickest way under GNU/Linux to check is to type "lspci" in the terminal and look for the ME.
>>59663465
Anything without the IME or made in China.. so good luck
>>59663576
>If Libreboot supports it, you're uncompromised.
IME doesn't rely on BIOS/UEFI
>>59664615
>proper attempts at making good relatively powerful ARM laptops?
I'm hoping we might see something in a few years.
ARM servers are beginning to tested in the data centre.
That doesn't mean that anything that reaches the consumer won't be filled with remote-control-ware though.
what even is
Communication controller: Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1 (rev 04)
what does it do exactly and what is the excuse for its use
>>59664761
>made in China
lol no
>>59664774
>IME doesn't rely on BIOS/UEFI
Libreboot does more than replace the BIOS. It disables the ME itself and replaces the ME firmware that's on the BIOS EEPROM chip with free and open source firmware to init the hardware. Don't be dense.
>>59664858
It's a part of the ME. MEI stands for "management engine interface" and is basically a way for the ME to access other parts of the OS/bootloader or for you to change the settings using the BIOS/EFI frontend.
Also
>Notice: Intel6 Series Chipset and Intel C200 Series Chipset may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are documented in this specification update.
https://www-ssl.intel.com/content/dam/www/public/us/en/documents/specification-updates/6-and-c200-chipset-specification-update.pdf
what is the best way to find out BEFORE you buy a used laptop? just have them run lspci from a linux livecd?
>>59665513
Google it, faggot. Since you're incapable of doing that, I'll help you out. Copy and paste "laptops without Intel me". Or buy a ThinkPad X60.