New Manjaro Hardware for Spring 2019 available

manjarobook
linux-service-be
manjarobox

#21

Asus as an hardware partner?


#22

No, the vendor called ubuntushop is using ASUS parts in the AIO but that doesn’t make ASUS a hardware partner


#23

the red metal jacket looks nice btw i will prefer a higher battery capacity instead of 2,5 disk


#24

Yey, more intel…


#25

Question (something I look for whenever considering a linux hardware vendor):

Do the boxes have coreboot? Is the Intel ME completely disabled?

Anybody know? I couldn’t find anything on their site about the firmware.


#26

probably not,
to my knowledge only system76 has that kind of firmware modifications out of the box


#27

AFAIK intel ME exists in vPro enabled platforms. At least for the red metal one, none of the cpu’s has vPro capabilities.


#28

That’s what I’ve heard.
Actually, I’m pretty sure Puri.sm does the same thing.


#29

According to the EFF, the Intel ME (or some variant with equally troubling privacy and security concerns) are present across all of (or nearly all of) Intel’s entire x86_64 lineup, pretty much from day one. It’s baked into the chipset.


#30

ME and AMT aren’t the same but work together. AMT is available on vPro CPU’s only, ME (or part of it) can be present on other platforms but it doesn’t listen to ports arbitrarily. The vulnerabilities found are on AMT and it needs to be turned on with drivers installed for it to work. From link you posted, which leads to another link:

How do I know if I have it enabled?
Yeah this is way more annoying than it should be. First of all, does your system even support AMT? AMT requires a few things:

1) A supported CPU
2) A supported chipset
3) Supported network hardware
4) The ME firmware to contain the AMT firmware

Merely having a "vPRO" CPU and chipset isn't sufficient - your system vendor also needs to have licensed the AMT code. Under Linux, if lspci doesn't show a communication controller with "MEI" or "HECI" in the description, AMT isn't running and you're safe. If it does show an MEI controller, that still doesn't mean you're vulnerable - AMT may still not be provisioned. If you reboot you should see a brief firmware splash mentioning the ME. Hitting ctrl+p at this point should get you into a menu which should let you disable AMT.

My laptop has both ME and AMT and I’ve my share of research in the past. What I’ve done was to set an ME password, set it to turn off 1 minute after the laptop sleeps or turns off and disable AMT. I also blacklisted MEI drivers but that’s probably unnecessary.


#31

And @chewie didnt we talk about this already? :laughing:


#32

The live test drive in browser address is changed to:
http://manjaro.mywire.org:6080/vnc.html?autoconnect=1&resize=downscale&quality=5