Thinking of buying a second-hand Elite Desk small factor to throw Linux on. I’m worried about the HP firmware-bios thingy. Does it call home? Can I disable calling home somehow? Can it have access to my hard drive info?
The UEFI firmware shouldn’t connect to the internet at all. You can’t rule it out entirely, but the threat is pretty small. Theoretically, it can access your hard drives, but again, it’s very unlikely that your BIOS will exfiltrate your data and send it somewhere. If you want to be sure, use LUKS for full disk encryption.
We use HP EliteBooks and EliteDesks extensively at work. I even used to set them up in my old job, and as far as I’m aware, it doesn’t connect to the Internet or “phone home” by default (although that could’ve changed in recent models). In any case, one of the nice things about the HP BIOSes is that they’re very configurable - you can disable the automatic BIOS update checks, network adapter etc. I forget if there was an option to just disable the network stack, but what you could do is configure the UEFI network settings so that they’re invalid - i.e., set it to a random static IP + random DNS etc. (e.g., 0.0.0.0) so that it can’t connect even if it tried.
Those machines are very, very good to run Linux. Stable, everything is supported out of the box, very reliable. About calling home, they don’t; however, some models, like most machines, have Intel ME baked into the CPU and that can be remotely accessed. The good thing is that you can disable the Intel ME features on the UEFI and there’s a toggle to completely disable the network card before an OS is loaded.
I’m worried about the HP firmware-bios thingy. Does it call home?
It’s for these kinds of reasons we should be demanding open source firmware from major vendors or only buying hardware from vendors that already have open source firmware (System76, Tuxedo, etc.).
This sounds like a privacy concern. Maybe one of the privacy communities will have a better answer.
You’re worried that the BIOS will ping HP and hand over info. Is this something that you have info on?
Depends on the model. While some offer BIOS updates over IP, not all do. That would really be the only thing talking out.
I’ve no idea what you’re referring to aside from maybe the Intel ME, but there may be a way to flash coreboot on it.
When any PC starts, isn’t there the boot-up menu etc.? I’m referring to that. In those menus there are options for remote access or firmware updates etc., apart of course from the usual setup options like in what turn the boots take place, e.g. HDD, network, DVD-ROM, USB, and others like time, date etc.
Intel ME is one concern, yes, but I doubt I can flash coreboot on this machine as it is almost 2 years old.
What
See my reply above.