hyperion2010

From [0] > Of course building everything yourself generally isn't practical.

I've been using gentoo for a decade and I'm sad to say that I still can't get to 100% built from source. There is always some useful program out there, or something that I don't want to maintain the build process for, that ends up being a binary that I know nothing about.

Getting to 90% is possible. 100% is extremely difficult requires making some hard choices about what software you are going to use.

0. http://sobersecurity.blogspot.co.uk/2016/05/trusting-trustin...

Taek

It's all kind of moot anyway if you are running hardware with blobs (Intel ME, for example). Getting truly to 100% is pretty far away, as frustrating as that is.

walterbell

With major effort, ME has been disabled on Lenovo X230 (Ivy Bridge).

timonovici

Where do you get your information from? AFAIK, it's only has been stripped down to a bare minimum, putting it in some sort of recovery mode - but it can't be erased from the BIOS chip yet.

eximius

https://www.coreboot.org/pipermail/coreboot/2016-September/0...

timonovici
I was thinking of this project - https://github.com/corna/me_cleaner This is the one that strips most of the ME (which seems to be Java applets, if I remember correctly Igor Skochinsky's presentation), but there's still the core "OS" in PCH, which loads and executes the applets - we don't know what nefarious things that part of ME might be up to - and it has DMA, and access to the network controller - that's how they remotely wipe HDD's, even without an OS being installed, even without the computer being turned on - that shit is straight out of Orwell's 1984. Telescreen, that's what it is.