Intel Management Engine: Congratulations, Dr Tannebaum!

Posted: Tue Nov 07, 2017 1:59 pm
by Schol-R-LEA
What are you doing, Intel? Go home, Intel, you're drunk!

Minix v3.0. Hidden inside Intel Management Engine, and running on a hidden CPU core. Meaning it is part of the hardware of almost every x86-64 processor made since 2005. Including a running http server, for... reasons?

Oh, and apparently AMD copied the approach in their own Management Engine equivalent, up to and including the Minix kernel to run it.

And it was only figured out because of a security vulnerability that exposed it. Google is talking of dropping the use of x86 entirely because the vulnerability is likely to be irremediable since it is occurring in otherwise inaccessible hardware.

Seriously? Is this a joke or something? Am I misunderstanding what they are saying? No, really, please tell me that this isn't as crazy as this is sounding to me right now!

Comments? Corrections? Antidotes for the mind-altering drugs which someone apparently has been dosed with?

(No comments on whom - it could be Intel, it could be the people reporting on it, it could be both, it could be me only imagining I am reading this for all I know. Honestly, this sounds like something The Onion's editors would have rejected as too implausible.)

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Posted: Tue Nov 07, 2017 4:06 pm
by ~
The best antidote would be to implement a fully open CPU-motherboard-peripherals-OS implementation of the standard x86 PC for 16, 32 and 64-bit architectures, with BIOS and UEFI on top of BIOS as an optional module. It will easily clear out any confusion/privacy-compromising elements, especially reimplementing the x86 CPU as an open source hardware device, then network, sound, video, TV/radio, and the rest.

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Posted: Tue Nov 07, 2017 4:09 pm
by mattias
If you want to get rid of it completely you have to drop all the way back to a core2duo :'(

At least it's an excuse to buy a Thinkpad.

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Posted: Tue Nov 07, 2017 8:23 pm
by Brendan
Hi,
Schol-R-LEA wrote:Comments? Corrections? Antidotes for the mind-altering drugs which someone apparently has been dosed with?
What some people (e.g. attention seekers like EFF) don't say is why this exists in the first place.

The main point of the management engine is to allow the computer's manufacturer to do automated testing and pre-configuration (e.g. setting firmware for the locale the computer will be sold in); and automated and remote configuration/management by the end user. For example, with the right software, an administrator at a large company can have untrained labourers plug 100 new computers in at a remote site; then (via remote networking) turn each computer on, redirect keyboard/video over the network, flash the BIOS, change BIOS settings, install an OS, etc.

Of course for small home/office (excluding the "small branch office for national company with IT department at head office" scenarios that have become very common) this sort of technology is completely unnecessary; and I'd suspect that the only reason it's included is because it's cheaper to include it in all computers than it is to design different chipsets and motherboards for different markets.

Also note that in theory it would be possible to implement (almost all of?) these features in pure silicon, with no little embedded CPU and no software at all; but this wouldn't make any difference for security risks and would just make hardware more expensive and less flexible.

The other thing to consider is that it's also used to increase security (e.g. things like checking firmware's signature before firmware is started to guard against root-kits in firmware); so even if you have no need for remote configuration/management you'd still have to weigh up the risk of having a management engine against the risk of not having a management engine. Unless you actually know how many vulnerabilities the ME prevents you can't say "removing ME will improve security" because its removal could just make everything far more vulnerable.

Note 1: For me specifically; I wish ME (and SMM and ACPI) never existed. With the right software; it wouldn't be that hard to replace most of the functionality provided by ME with a combination of wake-on-LAN and network boot (where admin asks DHCP server to tell the computer to download/boot "management tools" then sends the magic "wake on LAN" packet to the client; and once booted those tools can include the ability to update firmware, change BIOS settings, install an OS, etc). Of course most OSs already support remote desktop, so (if the OS is set up for that) you shouldn't need ME after an OS boots.

Note 2: I'm already sick of hearing the incredibly idiotic "Minix 3 in ME" hype. At best, it's probably less than a few thousand lines of code taken from the Minix micro-kernel, without a single scrap of the entire Minix user-space (which includes drivers and services and everything else that is necessary to turn a bare micro-kernel into an actual OS).


Cheers,

Brendan

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Posted: Wed Nov 08, 2017 2:27 am
by Korona
Brendan wrote:Note 1: For me specifically; I wish ME (and SMM and ACPI) never existed. With the right software; it wouldn't be that hard to replace most of the functionality provided by ME with a combination of wake-on-LAN and network boot (where admin asks DHCP server to tell the computer to download/boot "management tools" then sends the magic "wake on LAN" packet to the client; and once booted those tools can include the ability to update firmware, change BIOS settings, install an OS, etc). Of course most OSs already support remote desktop, so (if the OS is set up for that) you shouldn't need ME after an OS boots.
I think the niche of the management engine is not really remote administration (that is better done using ssh) but remote crash diagnosis and recovery. At least, that is what IPMI is used for at my workplace. IPMI provides access to stuff like the BIOS and the actual VGA output even before the OS boots. If the OS crashes or freezes, wake-over-LAN will not help you to reboot it. I've encountered multiple situations where the OS was still running but not responding to ssh (e.g. because some OOM killer decided to kill critical processes or they crashed for some reason or because the network connection to storage servers became unreliable). IPMI often still enables you to find out what is going wrong without attaching a physical monitor to the node.

Of course, all this can be implemented more sanely than it is done by Intel: Put it on a separate chip that has access to the physical VGA output lines but does not have access to DMA. Attach a separate ethernet subnet to this chip and put it behind a physical firewall. I think this is also what vendors of more sophisticated management engines do, but of course that is much more expensive.

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Posted: Wed Nov 08, 2017 1:42 pm
by OSwhatever
The previous version of Intel AMT used an ARC processor together with ThreadX RTOS. I wonder what made them change to Intel x86 with MINIX? Was it because Intel wanted to use their own processor IPs as much as possible?

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Posted: Wed Nov 08, 2017 8:25 pm
by Kazinsal
Congratulations? I guess.

I feel like Tanenbaum is playing with himself here over the fact that someone actually used Minix for something other than an example of why you don't try to slander Linus Torvalds when all you have is your academia and no real world usage.

No one really cares about Minix anymore and the people who would probably are likely at the point of shrieking about how Tanenbaum is an anti-free dictator for dropping something like this in response to Intel using Minix in ME, because grrr Intel ME evil grrr I use a tenth-the-performance-per-watt "free" laptop produced in the People's Republic of China connected to a wireless network that has a path back to the internet

Maybe I just like the Intel ME because insufferable GNU-ites freak out about it.

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Posted: Thu Nov 09, 2017 10:55 am
by Schol-R-LEA
What are you talking about? The 'congratulations' part was just a joke over the 'Minix is in every PC!11!!!1!1!' thing (which, as Brendan points out, isn't really the case - thank you for the clarification, Brendan, the sources I'd seen were very misleading about that part). Tanenbaum had nothing to do with that. AFAIK, Tanenbaum himself hasn't responded to this publicly, and may not even be aware of it.

EDIT: he has responded now. Apparently, he was surprised to hear about it. Also, it sounds as if he was trying to make it a commercial system a few years ago after all, contrary to what I said later in this post.

In fact, part of the freak-out over this is because Intel doesn't seem to have told him about their use of his code - though given the fact that it is under the BSD license (since 2000, according to Wicked-Pedo), they probably didn't really need to.

Besides, the argument with Torvalds back in 1992 was over the kernel model, not licensing. He certainly never had a beef with Linux getting big - he had a beef with it being a nasty grotty impure monolithic kernel rather than an ivory-tower micro-kernel, and that fight is now over 25 years in the past, something both of them have moved on from long since.

More to the point, he never wanted Minix to be in regular use - it is meant as a student model and a research tool, not a practical system. It is a kinda-sorta practical system, and a lot more complete than, say, NACHOS or Xinu (in the late 1980s, I had first edition copies of both the Minix book and the Xinu book - the latter was the version for the LSI-11, as this was before the PC version was published), but it is still designed mainly to be easily understood. I don't know if he's planning a fourth edition, as the third is now twelve years old, but if he does, it will be in support of his textbook, which is why it exists in the first place. If he has any reaction beyond, "huh, that's weird, why did they do that?", it will probably be, "But, but, but... it's supposed to be a demonstrator, not an industrial-strength system, it's not up to doing something like that!"

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Posted: Thu Nov 09, 2017 3:30 pm
by Schol-R-LEA
http://www.zdnet.com/article/minixs-cre ... -using-it/

I added a note about this response to my previous post as well.

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Posted: Sun Jun 24, 2018 11:42 am
by simeonz
This post and the vulnerability announcements have slipped my attention.

How is this not a hot problem? Some unknown amount of consumer line motherboards were shipped with AMT, Intel's tools red-flag virtually anything (including my mobo), and while a fix has been distributed to the OEMs, not all models received updates in the end. You could flash firmware with unsupported images, but I myself am unwilling to take the chance of using stuff originating from third party websites. Should one trust the Intel detection tools or the motherboard vendor, which claims that the problem does not affect their consumer line? And are thousands of PCs sitting ducks at the firmware level at the moment?

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Posted: Mon Jun 25, 2018 1:09 am
by Solar
I think you underestimate the ambient threat level, significantly. Vulnerabilities like this exist in the hundreds, if not thousands... and barely anybody really cares, because, what's the alternative? Tossing tens of thousands of boxes in the bin?

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Posted: Mon Jun 25, 2018 3:58 am
by simeonz
Solar wrote:I think you underestimate the ambient threat level, significantly. Vulnerabilities like this exist in the hundreds, if not thousands... and barely anybody really cares, because, what's the alternative? Tossing tens of thousands of boxes in the bin?
Why have security updates at all then? Why worry about Meltdown and Spectre? The ME offers far more system access.

BMCs are not something new, but you cannot slip hardware with a BMC in without the clearly expressed demand of the customer base. I mean, is there any need for my motherboard to have a coprocessor running a full-blown OS, just so that it can do power management? Intel has decided to have the management communication pass out-of-band on the standard ethernet port, which seems a very volatile design to me. That, combined with the fact that the security exploits need to be discovered by independent research teams in the undisclosed package, rectified by Intel, distributed to the OEMs, then manually applied by the user.

So far, just a few vulnerabilities have been discovered (a couple I saw). Knowing how many vulnerabilities are there in any reasonably sized piece of system software, it is likely that most of them are still unknown. This makes me feel that most machines with those chipsets are as secure as a public library computer.

Re: Intel Management Engine: Congratulations, Dr Tannebaum!

Posted: Mon Jun 25, 2018 5:59 am
by Ycep
I didn't read the rest of the thread, but anyway...
reasons?
Well, personally I think it goes like this:
You see, Intel is a corporation. Corporations love money. What can governments do for their good? Reduce taxes/Give money.
And it seems that for electronic-technology corporations they choose to give money but under one condition: Integrate surveillance spyware in their products.
And it's not only Intel.
"Google is free."
Right, free but under one other condition: track everything you do with their products. E-mails, Cloud storage, Search, Google location service in Android phones.
"I'm afraid for my privacy so I use Tor browser and Qubes OS"
In fact, if you didn't know, Tor and all that internet privacy bullshit was made by the U.S. government. Just because you sold/bought drugs on Silkroad or watched some pedo porn and they haven't done anything to you yet, that does not mean they do not know you did.