  • satai - Thursday, May 2, 2019 - link

    Dear HP (Intel...), have I asked you to install undocumented HW and SW on my devices?
  • peevee - Friday, May 3, 2019 - link

    You did not. But government and enterprise customers might choose HP over competitors just because it sounds good.
    What benefits it brings over ubiquitous TPC and ME is a question. What is for sure is that it is yet another attack surface, and security support of it will not be quick/consistent/long (or even exist) after it is sold.
  • satai - Sunday, May 5, 2019 - link

    I am pretty sure enterprises and gov had not asked for undocumented chips too...
  • GreenReaper - Friday, May 3, 2019 - link

    Your best defence is to not buy those devices. Money talks loudest of all.
  • satai - Sunday, May 5, 2019 - link

    It's easy to say.
    It's hard to do.

    How can I avoid such a thing that is installed for years without public disclosure?

    Open hardware is a possible way out but the options are limited now.
  • willis936 - Thursday, May 2, 2019 - link

    Things that make you go “yikes”, for 500.
  • PeachNCream - Thursday, May 2, 2019 - link

    Whether or not it's interesting to learn about the endpoint security controller's integration into various HP notebooks if it's just Google levels of creepy depends a lot on what ESC does.
  • fazalmajid - Thursday, May 2, 2019 - link

    To quote Count Dooku: "Twice the pride, double the fall".
  • BurntMyBacon - Monday, May 6, 2019 - link

    Wasn't that just before he got both hands cut off?
  • austinsguitar - Thursday, May 2, 2019 - link

    just seems like another way hp can use hardware to lock people from using hdd and ssd that they want... not to mention ddr4 and other things. they did it in the past!
  • DigitalFreak - Friday, May 3, 2019 - link

    I just ran into that issue after a BIOS update on the in-law's HP computer. After the update, the Samsung SSD that had been in there for years was no longer recognized. Come to find out HP purposefully blocked 3rd party SSDs with that update. I will never buy another HP PC.
  • leexgx - Friday, May 3, 2019 - link

    More than likely be the update reset bios defaults and made the system unbootable (probably need to set secure boot back on which enables uefi mode or the update reset the bios to cms/standard mode)
    An hp bios update has never turned it into an apple pc before
  • Ashinjuka - Friday, May 3, 2019 - link

    Anecdotally, I had something similar happen to me a month or two ago, refitting a HP desktop with a Samsung 860 Evo. I installed the new SSD, installed Windows, all was fine. Then I updated the BIOS and the machine wouldn't boot anymore. I put the drive in another machine, it was fine. I put other drives in the HP, it was fine & would boot. But nothing could get the Evo back to working with that HP. I posted on the AnandTech forums and on the HP forums. Ultimately I just stuck a different, older SSD that I had lying around in there, installed Windows again, and deployed it to the user.

    I didn't have to to really drill down into what happened exactly, but I can definitely confirm that following a BIOS update, that 860 Evo no longer worked in that machine, while working in other machines, and other drives worked in that machine.
  • Ashinjuka - Friday, May 3, 2019 - link

    ^Didn't have time to

    Also FWIW I tried every sort of setting including changes to Secure Boot and resetting the BIOS. I just ran out of time to keep futzing with it, slapped another SSD in there and deployed.
  • StrangerGuy - Thursday, May 2, 2019 - link

    Something NSA something backdoors.
  • jay.t - Thursday, May 2, 2019 - link

    To which I say HELL NO! I don't want undocumented, non-free stuff running behind the scenes on my PCs. If this was FOSS software, and allowed you to customise + turn it off, maybe I'd be interested, but otherwise, a hard no from me.
  • 69369369 - Thursday, May 2, 2019 - link

    lol u triggered m8?
  • nandnandnand - Thursday, May 2, 2019 - link

    u a shill m9?
  • leexgx - Friday, May 3, 2019 - link

    You do have to actually enable this security feature to be able to use it (disabled by default)
  • peevee - Friday, May 3, 2019 - link

    But can you be sure it is actually disabled and does not spy on your every IP packet and/or camera and/or mic feed without your knowledge?
  • Ashinjuka - Thursday, May 2, 2019 - link

    I believe in picking one's battles, and while I appreciate privacy and security, I also still own phones of both OSes, use Gmail, Office 365, Windows 10, buy crap from Amazon (when unavoidable), have a smart TV, and pay for services using credit cards in my own name with my own address. I'm under no illusions that much of anything I really do using modern technology is private, especially to a determined exploiter. That ship has sailed, so I'm not gonna tilt against a windmill about HP putting some under-documented security chip in my laptop.

    If this makes refurb EliteBooks cheaper for me because of some nerd-outrage backlash, then I'm cool with it.
  • Santoval - Friday, May 3, 2019 - link

    Er, the chip is not "under-documented". It is still completely UNdocumented and, most importantly, was kept secret for six full years. Documentation of a software or firmware suggests "ability to audit" the thing. That is still not the case, and marketing images like the above are not even remotely documenting anything. "Under-documentation" implies insufficient documentation, which clearly does not apply here.
  • Reflex - Thursday, May 2, 2019 - link

    I'd be more onboard if it wasn't for the fact that HP software is where we often find our security issues when doing PEN tests.
  • oRAirwolf - Thursday, May 2, 2019 - link

    Unless they have an entire team of Google level engineers constantly working to improve both the chip and software, I can pretty much guarantee you we will see an exploit that uses these in the future.
  • Santoval - Friday, May 3, 2019 - link

    Exactly. Particularly now that they revealed the chip exists but have not allowed anyone to audit it. By the way, even "entire teams of Google level engineers" introduce or miss bugs. You make it sound like Android is bulletproof.
  • JanW1 - Friday, May 3, 2019 - link

    This sounds like a dream for attackers with sufficient resources. An undocumented general-purpose processor sitting above the system BIOS and able to "heal" it (read: replace or patch it) at will. Installed since 2013 unbeknownst to the laptop owners.

    Open hardware increasingly starts to look like the only way to go if you want to truly own your device.
  • peevee - Friday, May 3, 2019 - link

    What open hardware?
  • edzieba - Friday, May 3, 2019 - link

    "We installed an undocumented hardware backdoor into all your devices! No need to thank us!"
  • Dragonstongue - Friday, May 3, 2019 - link

    Awwww shucks HP, and you were on everyone's wish list this year, now is straight on the naughty get a bag of coal in the nuts list.

    Guess some companies never learn, if it is not their printers locking you out forcing to buy ink when there is still plenty left, to odd wired components to prevent user maintenance, foobar bios etc.
  • khanikun - Monday, May 6, 2019 - link

    Oh, we have a bunch of HP digital senders at work. They locked it down into buying their card readers. Their $300+ card readers. They used to allow you to use any card readers. So you could get a $20-30 one and be good to go.
  • id4andrei - Friday, May 3, 2019 - link

    Isn't this similar to Apple's security chip? Why is Apple praised for it and HP vilified?
  • Santoval - Friday, May 3, 2019 - link

    Because Apple, for all its faults, never kept Secure Enclave secret and has provided extensive documentation to developers about how it (and iOS & iPhone security in general) operates. Furthermore, documentation helps third party security researchers to audit Secure Enclave and iOS for bugs and exploitable flaws.

    On the contrary, "security by obscurity", which appears to be what HP have been doing, has never worked, does not work and will never work. This is just a sample of Apple's documentation on the Secure Enclave : https://developer.apple.com/documentation/security...
