Trustworthiness of UEFI

Shalok Shalom

Alejandro López Slimbook
on 03/21/2024 09:17:04

Hi :)

I love that you offer the opportunity to deactivate Intel ME. 
Now, since you use a custom UEFI, I am wondering about the trustworthiness of that feature. 

Who implemented this feature? Do you have access to the source code of the custom UEFI?
I am specifically talking about the one of the Element, but I'd like to know it for all models.

Do we simply trust the UEFI vendor here? 

Vaja Benidze Slimbook
Hello Shalok,

I'm glad you like the option to disable Intel ME. However, I don't understand the concern about this since all UEFI are customized for each laptop model. There isn't a general UEFI for all Slimbook, just as there isn't a general UEFI for any other laptop manufacturer. That's why you can't install a UEFI from Elemental to Essential (for example).

As for us, we do trust our UEFI provider, in your case for Elemental it would be Insyde, so you shouldn't have any concerns about it. However, you can always choose not to update.

Best regards.

Shalok Shalom
How can you trust the source code of a software that you have presumably no access to?

Is this blind trust, or is there any technical evidence for this?

I personally fail to see the sense of an Intel ME deactivation if I can't trust the UEFI.

And you just saying I should trust it, because you do it, is shady at best.

Like - what do your technicians say to this, please?

Vaja Benidze Slimbook
Hello Shalok,

Our engineer was part of the Coreboot development lists, and although Coreboot has not been implemented due to instability issues, he has overseen the process and has full confidence in it.

Coreboot UEFI also runs blobs or binaries that cannot be decompiled. I assume you already know this, but you may have overlooked it. The same thing happens here. You may be confusing certain things.

Please be kind and respectful of others' work to make this a constructive environment.

Best regards.

Shalok Shalom
I am well aware that Coreboot is still loading binary blobs, and you will agree that the deactivation of Intel ME is more reliable if we know the source code of the firmware?

Vaja Benidze Slimbook
Hello Shalok,

Yes, but Intel ME testing tools are the same across all systems and firmwares, Coreboot, AMI, Insyde. And you will agree that not having the source code of the blobs that Coreboot loads is not knowing what is happening.
