User2288 You have misconceptions about Intel ME which were addressed in the thread.

ARM is dramatically simpler than x86, and Tensor is a particularly simple/clean smartphone SoC implementation. Nearly everything is dramatically simpler. There's no SMM, ACPI, UEFI or countless other things, not just ME. There's no equivalent to them because things are simpler done in a simpler way. Device management is done via apps in the OS granted device management permissions and that's more than good enough for the use case. Those apps can use hardware attestation if they want to verify the device / OS.

I suppose a baseband attack that gains access? What kind of access could that entail? What does the "isolation" actually do?

This is venturing into similar misconceptions about cellular basebands. It's not different from Wi-Fi/Bluetooth. The isolation is the same: they can only access their own memory and system memory shared with them by the driver which along with the userspace services/libraries are responsible for safely interacting with the component and avoiding vulnerabilities exploitable through the communication. It's little different from any other radio or network card. They're typically not properly isolated in desktops, but they are properly isolated in the devices we support and bypasses for that isolation are considered High severity vulnerabilities similar to comparable privilege escalations within the OS.
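The contrast the post draws with desktops (radios and network cards there are "typically not properly isolated") can be checked on a Linux machine by looking at the kernel's IOMMU groups: a device that shares a group with other devices shares a DMA domain with them, and no groups at all means DMA is not being remapped. The code below is an added example, not code from GrapheneOS or from anyone in this thread. It assumes the standard sysfs layout `/sys/kernel/iommu_groups/<group>/devices/<pci-address>` and, for the demo, builds a constructed tree in a temporary directory with made-up device addresses rather than reading a real machine.

```python
import os
import tempfile

# Assumed Linux sysfs layout (this is how real kernels expose IOMMU groups):
#   <sysfs>/kernel/iommu_groups/<group-id>/devices/<pci-address>
IOMMU_GROUPS_DIR = os.path.join("kernel", "iommu_groups")


def iommu_groups(sysfs_root="/sys"):
    """Return {group_id: sorted device addresses}.

    An empty dict means the kernel exposes no IOMMU groups: DMA from
    peripherals is not remapped, so compromised radio or NIC firmware
    could read or write arbitrary system memory, not just the buffers
    its driver shared with it.
    """
    base = os.path.join(sysfs_root, IOMMU_GROUPS_DIR)
    groups = {}
    if not os.path.isdir(base):
        return groups
    for gid in os.listdir(base):
        devdir = os.path.join(base, gid, "devices")
        if os.path.isdir(devdir):
            groups[gid] = sorted(os.listdir(devdir))
    return groups


def isolation_status(device, sysfs_root="/sys"):
    """Classify how the IOMMU isolates `device` (a PCI address like '0000:03:00.0').

    "isolated"      alone in its group: it can only reach memory its own
                    driver mapped for it
    "shared-group"  other devices share the group, so they share a DMA
                    domain and are not isolated from each other
    "not-found"     the device is in no group
    "no-iommu"      no IOMMU groups exist at all
    """
    groups = iommu_groups(sysfs_root)
    if not groups:
        return "no-iommu"
    for devices in groups.values():
        if device in devices:
            return "isolated" if len(devices) == 1 else "shared-group"
    return "not-found"


def build_sample_sysfs(root, groups):
    """Create a constructed sysfs tree under `root` (demo only, not a real machine)."""
    for gid, devices in groups.items():
        for dev in devices:
            os.makedirs(os.path.join(root, IOMMU_GROUPS_DIR, gid, "devices", dev))


def demo():
    """Run the check against a constructed tree; all addresses below are made up."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_sysfs(root, {
            "1": ["0000:00:14.3"],                   # Wi-Fi card alone in its group
            "7": ["0000:03:00.0", "0000:03:00.1"],   # GPU sharing a group with its audio function
        })
        return {
            "wifi": isolation_status("0000:00:14.3", root),
            "gpu": isolation_status("0000:03:00.0", root),
            "modem": isolation_status("0000:05:00.0", root),
            # A sysfs root with no iommu_groups directory at all
            "no_iommu": isolation_status("0000:00:14.3", os.path.join(root, "empty")),
        }


if __name__ == "__main__":
    # Against the real /sys of the host this runs on, then the constructed demo
    for gid, devs in sorted(iommu_groups().items()):
        print(f"group {gid}: {' '.join(devs)}")
    print(demo())
```

Two caveats when reading the result on a real machine: a device alone in a group only covers the DMA side, and as the post says the driver and the userspace services behind it still have to handle the shared buffers and the wire protocol safely; and newer kernels also expose a per-group `type` file (for example `identity` for passthrough), which this check does not read, so a group can exist without its devices actually being remapped.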

    GrapheneOS thanks for this explanation. It was informative.

    Without question everyone here discussing this subject has misconceptions and lack of knowledge about this. If we didn't we wouldn't be here making posts about it and asking questions. 😌

    Anyway thanks for the info. This explanation of yours was satisfactory enough for me not to worry about the subject any more on pixels.

    User2288

    I don't think a system like that has verified boot, but I don't know.

    Possibly it is not only about the ME; what about a system with old firmware? As far as I know, no OS can be secure on a device if the firmware is the entry point. And many devices don't get long firmware support.

    So I'm curious about a good laptop option in terms of updates (OS and firmware) with good security and privacy. And hopefully good to repair.

    I hoped that an old ThinkPad with coreboot/libreboot And QubesOS would be the solution. Quite friendly, they have a good repairability, but unfortunately I don't have enough knowledge about the Intel ME or any possible security concerns in these old devices.


      Since the phone processor, when powered on, probably has access to the cellular modem, if there is anything like Intel ME built in, the chip, if backdoored, could request access to the cellular modem, then exfiltrate data through the cellular modem as well as provide a false reading for how much data is being used if the OS monitors cellular packets, and request that all telecoms not list any packets going to the exf.ilt.rat.e IP address in billing. There would be no way to know. Doesn't it seem likely such a backdoor would be included by design? It would just mean that depending on threat model there could be risk of exfiltration. If the threat model is low or mild it wouldn't matter.

      Is this not possible? Intel ME concerns me. I have been hacked on desktop and think it was through ME but do not know.

        notahuman Please read through the official project account's responses here. There are so many posts where the project account or others have addressed similar worries in other threads too. There just isn't any real reason for Google to hide a backdoor like what you're describing. They'd get caught and there'd be backlash. Google has more than enough access to data via Google Play Services. There's no need for a backdoor.

        I'd also suggest reading a fellow moderator's fantastic response to a similar question here: https://discuss.grapheneos.org/d/10150-not-your-average-why-pixel-thread/7

          other8026 This makes no sense.

          The government could have demanded google create a backdoor in the hardware and issued a gag order.

          Such a backdoor would be useful. Google Play collects and sends data when a user is on the Internet. If a user goes into airplane mode the government couldn't track a user easily. If there's a hardware backdoor, they could be able to send a ping to the device to access info about the device even in that mode. There are use cases for it, so why wouldn't the government request it? To say it's implausible just seems naive as to how these gag orders work.

            notahuman Hmmmm... I think you're a CCP spy trying to get people off of Google devices and onto Chinese devices which you've backdoored in order to spy on them.

            ...see how that works?

            Anybody can make stuff like this up, and we can then debate that made up scenario from there. It is implausible. Pixels are one of the devices with the most security research attention. It sounds like a very silly target for this kind of thing, but even if that's not convincing to you, that's fine, because I don't think anything will really be.

            The logic of "assume backdoor" can literally apply to anything. It's not about being "naive". It's about being realistic.

            notahuman The government could have demanded google create a backdoor in the hardware and issued a gag order.

            In theory, yes... but...

            In theory there is no difference between theory and practice, while in practice there is.
            --Benjamin Brewster, Yale Literary Magazine, February 1882

            The U.S. government could mandate that Google include mass-surveillance backdoors in all of their phones, and could maybe include a gag order. But that sort of argument could cover anything. Way back in 1949 George Orwell wrote a book in which every television was a government surveillance device, which is trivial now (in fact, smart-TV companies have been found doing surveillance for profit). And these days every car could be a surveillance device, and every Wi-Fi access point, and, heck, every automatic paper-towel dispenser in every restroom.

            The problem with sweeping mass-surveillance conspiracies is that when they're big enough they are disclosed. Google ships new phones every year, so does Samsung, so does Apple... keeping something like that a secret, across all of those design teams, year after year, would be a monumental effort.

            People are aware of the Crypto AG compromise, but that worked as well as it did because it was one small company. Even before Snowden made his disclosures, people suspected some of those holes. There are multiple mass-surveillance/public-safety infrastructures in China, but they are so big that everybody knows about them.

            If the NSA, or the FBI, whatever, wants to bug me in particular, and they are willing to spend $50,000 or so, I have to assume they'll be successful. "Retail" (targeted, individual) surveillance generally works. "Wholesale" surveillance can work too, but secret "wholesale" surveillance is a lot harder.

            I don't think it's "naive" to assume that secret wholesale surveillance would be disclosed. Gag orders can work when they are limited in scope, but I think data support the notion that grand sweeping multi-year multi-company gag orders eventually leak.