Your average desktop/laptop CPU runs a blackbox like Intel AMT or AMD PSP which is basically an always active mini-CPU that runs in the background and is OS-agnostic. If you consider your OS max privilege level as ring 0, this is ring -1.

If/when someone manage to conpromise those, they can basically take over your computer, and Intel/AMD doesn't provide any sort of killswitch or physical way of disabling it.

Tell me more about this. What does this system do, and why can't we do anything about it?

The first section of [1] explains that with references

[1]: https://legends2k.github.io/note/clean_me

oh my. I don't see why bloomberg got all busy with hidden Chinese chips. It looks like intel already have it covered.

Alas, it is so. Graphics cards have much the same going on. It's part of why Nvidia will likely never opensource or mainline their drivers... They have a huge need for blobs and hardware backed secrecy in order to enable most systems to be compatible with HDCP. That means they need to be able to attest to their cards having not been compromised since leaving the factory.

As someone could in theory cobble together an HDCP compliant rig and good heavens, might be able to intercept and decode HD content!

So much of what makes the tech giants so lucrative is that they act as centralization points for industry level orchestration of what user behavior to support.

You can bet that if an industry working group is stoked, there's likely hidden in there somewhere an implementation detail intended to curb an undesirable user freedom or general capability.

> HDCP compliant rig and good heavens, might be able to intercept and decode HD content!

As if that even matters - pointless standard. can't think of any content that there isn't a torrent up hours after it's available lol

The biggest difference is that graphics cards don't have network access. Without network access, proprietary code can be an annoyance, but won't be an outright compromise.

(sure the code could still do nasty stuff like facilitate tempest or other sidechannels, but that's leaps and bounds ahead of the built in assumed-RCEs of ME/PSP).

Not just Intel. amd too.

> What does this system do,

It can be used for 'out of band' management of your system, including firmware/bios rollouts and updates. Allows remote hijacking of attached hardware devices. Basically can puppeteer your entire system.

> why can't we do anything about it?

Because there is no ability to update or modify this code. It is only updatable by the hardware vendor as it is encrypted, signed and checked during update.

Faraday cage can do something about it.

I think you mean Intel ME not Intel AMT.

Correct, my bad. I would edit my original comment but it's too late.

Correct, my bad.

Solved until somebody invents some form of technology for storing energy over time,and another for communicating without wires

Yeah, until I want to actually do anything with it.

Mainly not depending on closed source binary blobs or drivers.

I also think selecting parts is limited by the fact that there are so few manufacturers. Processors these days mostly come down to AMD or Intel and nothing there is transparent or audit-able. "trusted computing" and backdoors make even your hardware suspect.

There are capable desktop computers with open hardware, down to the silicon: you just have to pay for it.

For example, for $4k, you can get this with specs roughly equivalent to a normal developer machine: https://www.raptorcs.com/content/BK1SD1/intro.html

Actually, for about 1700 you have the Blackbird BK1B01 mainboard + cpu from Raptor, with 4 cores, 16 threads: https://www.raptorcs.com/content/BK1B01/intro.html

I bought two of these last year and they're great, stuff your own memory in there, add some storage and off you go.

Edit: clarified that this would be a mainboard + CPU.

And the cool thing – it looks like there has been some interest[0] in supporting Power for WINE.

[0] https://www.winehq.org/pipermail/wine-devel/2019-February/14...

Not too shabby looking! Thanks for the link

Neat, should be on the front page.