From my reading, I see complaints about lack of security in laptops having Intel chips with their “management engine” or some such term. Meaning external parties can activate and control/read/intercept computer content. Framework seems to intend to produce a secure product with switches for camera and microphone. I don’t think I have seen mention of a method to avoid Intel’s built-in backdoor “management engine” designed to spy on computer owners. Will Framework offer Libreboot or some similar solution? Since Intel is part of the plan, how will their intrusion be avoided? Thanks in advance for responses.
No way to escape it! There are going to be community efforts to reduce the ME and reduce such risks, however this will be rather complex and depends on some elements of cooperation from Frame.Work. Further, I’m reasonably sure that even if we were to have a technical breakthrough where we could fully remove the ME, doing so in the 11xxxx series of Intel CPUs would still be impossible as the responsibility for managing some stuff that is critical for CPU sleep has been shifted to the ME. That would mean we’d also need to reimplement a secure and free core ME replacement. Considering we can’t even neuter the ME in 11xxxx CPUs yet (only “disable”), I wouldn’t hold my breath.
I’m also interested in this, so I dug around a little bit.
For this first iteration of the Laptop, you are indeed stuck with Intel. You can always use the regular approaches to disable the ME as much as possible, and coreboot is being explored:
Additionally, Framework is hoping to release other versions of the motherboard in the future with ARM64 and maybe even RISC-V processors:
So I guess right now it’s not much better than any regular Intel laptop in that regard, but there’s a lot of potential for privacy-conscious upgrades in the future.
@iFreilicht, I would say the hardware cut-off switches for camera and mic are a step in the right direction though! The Purism laptops take this approach, although I’m sure everyone knows that they have managed to “neutralize” the Intel ME. Much more expensive for worse hardware though.
If ever a company deserved Caveat Emptor, it would be Purism.
Shame tho, I’d be willing to sacrifice the better iGPU if only they offered USB4 and shipped their products on time instead of stringing customers along.
Personally I prefer the ME removed over battery life, but that’s totally subjective.
Removing the ME will also remove functionality like Intel SGX (which is used for DRM content (streaming, e.g. Netflix) [0]).
Probably some customers will complain when they lose this functionality. So probably a BIOS option would be a nice trade-off for both sides.