PoetGrant's Press

Inside the Mind of PoetGrant

Let's Talk About ME

May 02, 2019 — Grant Ford

I recently read an article by Hugo Landau called 'Why Intel will never let owners control the ME' in which he discusses the Intel Management Engine. It got me thinking about personal computing and the state of freedom in the digital space.

A lot of people think out loud that "no one really knows how much freedom they give up and how much liberty has been taken away from them." I think it goes deeper than that. It is true that the average user doesn't know how much freedom they give up by using Google, Apple, and Microsoft products. The state of personal computing today consists of users giving out all of their private data for the sake of convenient access to software which allows them to share even more data with their friends and family over network lines that are continually monitored by bots. These bots collect data/metadata for their masters, which happen to be governments, corporations, and network crackers. It was revealed last year that IME contained backdoors into their software, which leads to some serious security risks for everyone. In addition to that, from Landau's article (linked above) I discovered that Hollywood is a major part of the purpose for IME being implemented in the first place so that they can more easily secure their content with DRM restrictions.

I have no real qualms with a content creator wanting to secure their content; however, building DRM directly into the systems that I use feels wrong to me. It is an unwanted intrusion into my own personal security and the security of my loved ones. So this whole situation birthed a thought experiment in the back of my head. Is there a way to buy or build a computer without the lowest levels of the system being compromised?

After scouring the web for a couple of hours I realized that there is only one real solution to this issue. I know it is silly, but RISC-V is the solution I see. I know it is still an experimental architecture, but it seemed very promising. I already have one of the SiFive dev boards ordered, and I will be playing around with it to figure out how it could suit my needs. The biggest problem here is that RISC-V so far has boards that are System on a Chip boards, which is great for peripheral computing like low-power laptops and integrated devices. So the only way I can see a RISC-V system becoming my main development system is if I were to somehow integrate multiple boards for different purposes throughout my life. The work that would need to be done to make this a reality is much greater than I would prefer, but this is how I perceive it.

First I would need a home terminal. RISC-V has Linux working nicely running on their boards, so this shouldn't be a huge problem. This home terminal would be my gateway to the internet and the firewall for all of the other connected boards. It would also be the place that I settle into for writing these articles and managing my online life. The current problem is that getting software running on a RISC-V system will be a little more difficult, so it would be a little like going back a couple of decades in time.

Second, I would need an Arduino controller for managing external storage as I would only be using flash storage on the first board. The Arduino board would help control the flow of data between the boards either through direct connection or through a network connection.

Third, I would need another RISC-V board to help offload the workload of video, audio, and image editing. I know it sounds silly, but I have tried simply using a Raspberry Pi for this and with all of the background processes of everything else that I have going, there just isn't enough CPU and RAM to take care of such a task, so that board would have the sole purpose of editing. I imagine this setup sort of like how KDE and GNOME handle multiple desktops. Each board would be a desktop, which means I would need a fancy KVM switch to make it feel relatively seamless.

After it's all said and done, I would need different boards for different tasks throughout the day. That would be the only way I can see to make this whole thing workable. Why would I even think about this? Well, I take my personal security and the intrusions on my privacy very seriously. I understand that Intel and AMD have decided to include low-level code to manage content and so on for a reason, but I don't like that reason.

Now I am not saying that I will be doing all of this right now, but it is a dream I have. Maybe when I have a little more money and free time I can start to implement this project, but until then I just have to be careful. There are natural security measures that one could take to be sure that your privacy is not compromised. I tend to keep sensitive documents on an external flash drive that remains disconnected until I have killed the connection to my router. I also use a VPN and Tor, which I know are not cure-alls, but they sure help secure parts of my life a little easier. After it's all said and done, I think that there are certain areas of computing that are much too difficult to secure without extreme and in-depth knowledge that I am still trying to learn. Until then I just limit contact with services that collect data and I stay as up-to-date as possible on security risks posed by certain companies and software.