genuine question; are there any substantiated claims of Intel ME or AMD PSP actually *potentially* being "spyware" by any definition of the word?
ideally from a known security researcher, not just sourced by a "GNU/Linux" FOSS-head with little to no reverse engineering background like the claim that Intel ME "sets up a TCP/IP stack on the local network interface" - even just anything verifying *that* little tidbit would be interesting
@ipg
It's unlikely an actual answer will ever surface to this, unless someone manages to reverse engineer either of them.
What we do know is it has enough characteristics of a backdoor that it is difficult to not raise an eyebrow. Whether it is or isn't is likely to remain a debate topic for the rest of time.
However: bit of personal opinion time:
It's rather convenient that there's a licenced monopoly for x86 chips, and both manufacturers of said chips are including some proprietary, tamper-resistant parts into their chips.
Even more convenient is both Intel and AMD are governed by US law...
Yet more convenient is ME has explicit functionality to allow government bodies to largely disable it.
@fox I am not asking for personal opinions, I don't care about personal opinions or the subjective concept of what "characteristics of a backdoor" even means, I care about the facts of whether it is malicious like people claim it is (not just having suspicions) or not
@ipg
If you had a backdoor in someone's house, you'd do your best to make sure they didn't know, right?
@fox if I had a backdoor in your house and you had almost 2 decades worth of highly skilled people analysing every detail about your house trying to find it, surely it'd be known that one exists?
again - I am not asking for speculation, your opinion, or your hypothetical "but maybe it *is* a backdoor - we truly can't know!" - my original post is asking very clearly, are there any substantiated claims made by reputable security professionals or backed by other reputable sources about them being spyware. you have replied with nothing but speculation and conspiracy theory nonsense
@ipg
My statements regarding what is known about the management engine are not speculations or conspiracies.
It seems equally likely that in 20 or so years, there would be evidence to suggest it isn't malicious.
There is no currently known correct answer to your original question, so the best we can do is form informed and educated opinions for ourselves, assess the risks on an individual basis and proceed based on those assessments.
You don't know that extraterrestrial life exists, or doesn't exist, but you can make an informed and educated guess, based on which you make certain decisions. In that case they're unlikely to be consequential, but the same cannot be said for the original subject.
To reiterate: there is no known correct answer at the present.
@fox but that isn't what I'm asking for, I am asking for anything substantial behind "spyware" claims. and you have barged in here with your tinfoil hat conspiracy theories
@fox literally anything backed by things people have seen rather than just things people like you are assuming, whether it be behaviour (surely if it was doing malicious stuff it'd be seen by now), reverse engineering (which people have done a lot of) or leaked materials (from a five-eyes gov org or Intel/AMD directly). again it's been around for a very long time and so far we've only seen the two technologies used for actual useful end-user functionality that warrants its access
@ipg AMT allows full remote access to fleets of computers for IT purposes and it runs on ME, so it's more a question of how secure and auditable ME itself is, but the capabilities are probably there even w/o vPro
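An added defender-side check, not from any participant in the thread: since AMT runs on top of the ME, the first thing an administrator usually wants to know is whether the host OS even sees the Management Engine Interface. On Linux the `mei_me` driver exposes `/dev/mei*` character devices and `/sys/class/mei/mei*/` entries; the `fw_ver` attribute name is assumed from the kernel's sysfs ABI documentation, and the version string and directory layout built by `make_sample_tree` are constructed purely for demonstration. The optional root argument lets the inventory function run against a copied or constructed tree instead of the live system.

```shell
#!/bin/sh
# Added example (not code from the thread). Assumptions: the Linux mei_me driver
# exposes /dev/mei* and /sys/class/mei/mei*/fw_ver (attribute name assumed from
# the kernel's sysfs-class-mei ABI docs). ROOT points the check at a copied or
# constructed tree so it can be exercised without a real ME-equipped host.

# mei_present [ROOT]: return 0 if the host (or tree under ROOT) exposes the
# Management Engine Interface, 1 otherwise; prints any readable firmware version.
mei_present() {
    root="${1:-}"
    found=1
    for dev in "$root"/dev/mei*; do
        # An unmatched glob expands to the literal pattern, which -e rejects.
        [ -e "$dev" ] && found=0
    done
    for cls in "$root"/sys/class/mei/mei*; do
        [ -d "$cls" ] || continue
        found=0
        if [ -r "$cls/fw_ver" ]; then
            printf '%s firmware version(s): %s\n' \
                "$(basename "$cls")" "$(tr '\n' ' ' < "$cls/fw_ver")"
        fi
    done
    return $found
}

# make_sample_tree BASE: build a constructed tree that mimics a host with the
# MEI driver loaded. The version string is made up for the demonstration.
make_sample_tree() {
    base="$1"
    mkdir -p "$base/dev" "$base/sys/class/mei/mei0"
    : > "$base/dev/mei0"
    printf '0:16.1.25.1917\n' > "$base/sys/class/mei/mei0/fw_ver"
}

# Usage on a live system: run with no argument and inspect the exit status.
#   mei_present && echo "MEI present" || echo "no MEI interface exposed"
```

A present interface does not by itself mean AMT is provisioned or reachable over the network; it only tells you the OS can talk to the engine, which is the point at which auditing what the ME is configured to do starts to matter.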
@ipg My 2 cents:
No, but especially earlier versions didn't do a good (or even average) job of being transparent and implementations were quite naive. Some of them have a crazy attack surface, some have crazy system permissions (all RAM and more), some have both. It is - well, was - quite scary.
Nothing bad was ever done intentionally, for everything I've seen. But a signed image would get you quite far, does that count as a backdoor already? (Weirdly that doesn't for most other systems.)
@ipg I can't say much about the management side of it. For the security side, unless we're talking embedded (automotive, gaming consoles etc.), they are typically not in the critical path to executing your own code.
While a TPM isn't exactly your FOSS friend, it's not exactly your enemy either; it's a passive thing that doesn't do anything unless you ask it for keys. That's equally true for any fTPM as well as any discrete I2C TPM.
@ipg Later implementations restrict memory access to CPU-controlled windows, i.e. like any other peripheral behind an IOMMU. That's good, of course, but should have been standard practice since day 1.
Some of them are overloaded with critical system functions for save/resume or early chip bringup. That's unfortunate, and as logic got cheaper, the situation got a bit better (now there are dedicated security cores, not "the one magic core that can do everything and manage some keys on the side").
@ipg how could it even set up a TCP/IP stack if the computer is already using the networking card for the real one
it's not like hardware can magically manipulate any operating system's networking code to spawn a server that doesn't have any software associated with it
@ipg
I agree, so far all available evidence does not explicitly suggest malicious actions; however, the hardware certainly has that potential. These are known facts. Whether by Intel, a body Intel has given access to, or a bad actor leveraging one of the several vulnerabilities present in a number of revisions.
Exploits have been demonstrated, so it would be foolish to assume they haven't been used in the aforementioned lengthy amount of time ME has been deployed for.
There is material present and citable which supports the above. I'm more than happy to fetch it.