The first and central provision of the bill is the requirement for tracking technology to be embedded in any high-end processor module or device that falls under the U.S. export restrictions.
As a coder with some hardware awareness, I find the concept laughable.
How does he think they (read: the Taiwanese, if they are willing to) would go about doing it?
Add a GPS receiver onto every GPU? Add an inertial navigation module to every GPU? Add a radio to every GPU? :D
The poor politician needs a technically competent advisor forced on him. To make him aware (preferably in the most blunt way) of real possibilities in the real world.
In the real world, you can prevent a chip from knowing where it’s running and you can’t add random shit onto a chip, and if someone does, you can stop buying bugged hardware or prevent that random addition from getting a reading.
I’m already familiar with it. On the systems I buy and install, if they are Intel based, ME gets disabled since I haven’t found a reasonable use for it.
Oh yeah, ARM also has something similar.
Since this is more relevant to me (numerically, most of the systems that I install are Raspberry Pi based robots), I’m happy to announce that TrustZone is not supported on Pi 4 (I haven’t checked about other models). I haven’t tested, however - don’t trust my word.
Who would you buy from in this case?
From the Raspberry Pi Foundation, who are doubtless ordering silicon from TSMC for the Pico series and ready-made CPUs for their bigger products, and various other services from other companies. If they didn’t exist, I would likely fall back on RockChip based products from China.
In the BIOS options of that specific server (nothing fancy, a generic Dell with some Xeon processor) the option to enable/disable ME was just plainly offered.
Chipset features > Intel AMT (active management technology) > disable (or something similar, my memory is a bit fuzzy). I researched the option, got worried about the outcomes if someone learned to exploit it, and made it a policy of turning it off. It was about 2 years ago.
P.S.
I’m sure there exist tools for the really security-conscious folks to verify whether ME has become disabled, but I was installing a boring warehouse system, so I didn’t check.
How about locking all the advanced functions behind a hardware lock that requires an online key to unlock? Besides getting an IP address for geolocation, this approach would enable manufacturers to put a subscription on the features as well. Require users to provide a government issued ID that matches the name on the credit card used.
VPN! I hear you cry. But the driver is already running pretty close to the hardware, so good luck hiding a VPN client.
So while you can’t guarantee a street address accuracy, you can get country and overall regional subdivision.
Wow. :) Neat trick. (Would be revealed in competent hands, though. Snap an X-ray photo and find excess electronics in the socket.)
However, a radio transceiver is an extremely poor candidate for embedding on a chip. It’s good for bugging boards, not chips.
If politicians had advisors, then how would they justify doing the dumb shit their owners want them to? Then they can’t plead ignorance.
But who would buy such hardware? :)
In my imagination, there is no VPN client. The whole network is behind a VPN router and the internet gateway is where it needs to be.