@srytryagn said in Best non-Intel Quad port NICs ?:
@nimrod
Update-a-bility -> If the firmware is not updated and vulnerable, I was thinking that it might not be a good idea to use it for an edge device, i.e. a very trusted firewall. Perhaps some Broadcoms or modern Intel.
Those are extremely rare cases where a NIC needs a firmware update to fix a critical security issue. I'm with @stephenw10 on this one. Stick with Intel. You will save yourself from unnecessary headaches.
To your point -> do you mind expanding on that? Is there a mitigation? I thought that was only an issue for "Pro" AMD and that Intels had a way to shut it off in the BIOS.
There is no mitigation. Every Intel and AMD motherboard manufactured after 2006 has an embedded chip that runs a modified closed-source version of MinixOS that has low-level DMA access. DMA access means:
Full access to the contents of your RAM.
Full access to your storage.
Full access to your I/O devices. It can capture keystrokes, mouse movements, take screenshots, etc.
It basically owns your system completely from the moment you turn it on. It boots first, so it's completely irrelevant what operating system you use.
Intel calls this "feature" Intel Management Engine, and AMD calls it PSP, which is short for "Platform Security Processor". There were several attempts to remove ME/PSP, but Intel/AMD made it impossible. When your system is done with POST, CPU microcode checks for the presence of ME/PSP and makes a handshake through a custom encrypted protocol. If the handshake fails, a timer in the CPU is triggered and the system reboots after 30 minutes. Basically, if you somehow remove ME/PSP, your system will be stuck in a permanent reboot loop until full ME/PSP functionality is restored.
There are a very limited number of motherboards and old laptops where ME can be fully or partially disabled. You can find more info about this here.