MINIX: Intel's Hidden In-chip Operating System (zdnet.com)
Steven J. Vaughan-Nichols, writing for ZDNet: Matthew Garrett, the well-known Linux and security developer who works for Google, explained recently that, "Intel chipsets for some years have included a Management Engine [ME], a small microprocessor that runs independently of the main CPU and operating system. Various pieces of software run on the ME, ranging from code to handle media DRM to an implementation of a TPM. AMT [Active Management Technology] is another piece of software running on the ME." [...] At a presentation at Embedded Linux Conference Europe, Ronald Minnich, a Google software engineer, reported that systems using Intel chips that have AMT are running MINIX. So, what's it doing in Intel chips? A lot. These processors are running a closed-source variation of the open-source MINIX 3. We don't know exactly what version or how it's been modified since we don't have the source code. In addition, thanks to Minnich and his fellow researchers' work, MINIX is running on three separate x86 cores on modern chips. There, it's running: TCP/IP networking stacks (4 and 6), file systems, drivers (disk, net, USB, mouse), web servers. MINIX also has access to your passwords. It can also reimage your computer's firmware even if it's powered off. Let me repeat that. If your computer is "off" but still plugged in, MINIX can still potentially change your computer's fundamental settings. And, for even more fun, it "can implement self-modifying code that can persist across power cycles." So, if an exploit happens here, even if you unplug your server in one last desperate attempt to save it, the attack will still be there waiting for you when you plug it back in. How? MINIX can do all this because it runs at a fundamentally lower level. [...] According to Minnich, "there are big giant holes that people can drive exploits through." He continued, "Are you scared yet? If you're not scared yet, maybe I didn't explain it very well, because I sure am scared." Also read: Andrew S. Tanenbaum's (a professor of Computer Science at Vrije Universiteit) open letter to Intel.
Thanks Ronald (Score:2)
Three questions (Score:5, Insightful)
1) Do AMD processors have similar vulnerabilities or is this an Intel issue only?
2) Why isn't Intel being held responsible to fix this, either by action of lawmakers or through lawsuits for providing a faulty product?
3) Shouldn't Intel either have to patch the vulnerabilities or issue a recall?
2 and 3: (Score:2, Informative)
Because it is functioning as intended for its usage among authoritarian regimes (the US included thanks to Congress, the NSA, CIA, and domestic SigInt/PsyOps.)
The Clipper chip concept was never off the table; its implementation just became less 'warrant and seize' and more 'illegal wiretap'.
Re: (Score:3, Informative)
1) Yes
2) Because shitty nerds decided it was an issue.
3) Intel doesn't need to recall anything. It is OFF by default.
I can't emphasize this enough: it's a non-story that affects absolutely nobody except for platforms used by enterprise (think business laptops for asset tracking).
The average person does not have the Management Engine turned on; it's built into the PCH chipset, not the CPU. You can actually rip out the firmware for the IME from the BIOS if you're paranoid as hell.
From Wikipedia https://en.wiki
Thank you. (Score:4, Interesting)
Thank you for saying that it's off by default - everyone seems to just gloss over that one. More than that, there are only two ways to enable it:
- using a keyboard shortcut during BIOS POST (physical access, the machine is already owned in any number of ways including just taking the drive out, why bother with AMT?)
or
- enable it remotely through arbitrary privileged code execution on the machine (it's owned already) AND you have a certificate issued by a trusted CA specifically for AMT provisioning (costs money), and that certificate's domain matches the one being given out by DHCP at the time of provisioning (meaning the network is owned too). If you already own the machine to the point of executing whatever you like with admin-level permissions, and you own the network to the point of changing DHCP options, why bother with AMT?
For someone to get anywhere with AMT / vPro, they would already have exploited far easier routes to getting anything they could get through AMT / vPro. This is the reason we have seen exactly zero articles about people being exploited in the wild through AMT / vPro - anyone that knows what it actually is, and what it takes to run it, knows there are far easier ways in, and those easier ways are a predicate to using AMT to do whatever they could already do.
Re: (Score:3)
have you ever checked?
Personally, no.
is it even possible to actually check? ahaha.
Of course it is. You cannot remotely manage anything without network traffic. While AMT could hide this traffic from its host, it cannot hide the traffic from the network.
It's easy enough to monitor activity on an enterprise router, or to mirror a port so you can analyze its traffic later without affecting the traffic in any way whatsoever.
For a home user, you could route your traffic through a device running Snort or DD-WRT. I believe both support port mirroring. If not, it's pretty easy to
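The post above makes the defender's point that AMT cannot hide from a mirrored port even if it hides from its host. As an added example (not code from the thread), here is a small triage script over constructed mirror-port flow records: it flags sessions to the TCP ports Intel documents for AMT services and any traffic involving a host that the asset inventory says is powered off. The CSV flow format, the inventory, and all addresses are assumptions constructed for the example.

```python
"""Spot out-of-band (AMT/ME) management traffic in mirrored-port flow records.

Added example: mirror a switch port, export flows, then look for (a) sessions to
the AMT service ports and (b) any traffic to or from hosts the OS inventory
reports as powered off (the ME keeps the NIC alive and may DHCP on its own).
Flow format, inventory and addresses below are constructed for this example.
"""
import csv
import io
from collections import defaultdict

# TCP ports Intel documents for AMT network services:
# 16992/16993 HTTP/HTTPS (web UI, WS-Management), 16994/16995 redirection
# (SOL / IDE-R), 623/664 RMCP / RMCP+ (ASF). Extend per site as needed.
AMT_PORTS = {16992, 16993, 16994, 16995, 623, 664}

# Assumed asset inventory: which hosts IT deliberately provisioned for AMT and
# the power state the host OS / monitoring last reported.
INVENTORY = {
    "10.0.1.20": {"amt_provisioned": True, "power": "on"},
    "10.0.1.31": {"amt_provisioned": False, "power": "off"},
}

# Constructed flow records as a SPAN/mirror-port collector might export them.
SAMPLE_FLOWS = """\
ts,src_ip,src_port,dst_ip,dst_port,proto,bytes
1510000001,10.0.9.5,51000,10.0.1.20,16992,tcp,1832
1510000002,10.0.9.5,51001,10.0.1.20,16995,tcp,90211
1510000003,10.0.1.20,44123,93.184.216.34,443,tcp,5120
1510000004,203.0.113.7,40000,10.0.1.31,16993,tcp,2310
1510000005,10.0.1.31,68,255.255.255.255,67,udp,342
"""


def parse_flows(text):
    """Parse the CSV flow export into dicts with numeric ports and byte counts."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["src_port"] = int(row["src_port"])
        row["dst_port"] = int(row["dst_port"])
        row["bytes"] = int(row["bytes"])
        rows.append(row)
    return rows


def find_findings(flows, inventory):
    """Return a list of (severity, host, reason, flow) tuples.

    - AMT-port session to a host never provisioned for AMT -> "alert"
    - AMT-port session to a provisioned host               -> "info" (expected)
    - any traffic to/from a host reported powered off      -> "alert"
    """
    findings = []
    for f in flows:
        src, dst = f["src_ip"], f["dst_ip"]
        if f["dst_port"] in AMT_PORTS:
            provisioned = inventory.get(dst, {}).get("amt_provisioned", False)
            severity = "info" if provisioned else "alert"
            findings.append((severity, dst, f"amt port {f['dst_port']} from {src}", f))
        for host in (src, dst):
            if inventory.get(host, {}).get("power") == "off":
                reason = f"traffic while reported off ({f['proto']}/{f['dst_port']})"
                findings.append(("alert", host, reason, f))
    return findings


def alerts_by_host(findings):
    """Collapse findings into {host: sorted unique alert reasons}, dropping infos."""
    out = defaultdict(set)
    for severity, host, reason, _ in findings:
        if severity == "alert":
            out[host].add(reason)
    return {host: sorted(reasons) for host, reasons in out.items()}


if __name__ == "__main__":
    report = alerts_by_host(find_findings(parse_flows(SAMPLE_FLOWS), INVENTORY))
    for host, reasons in report.items():
        print(host)
        for reason in reasons:
            print("  -", reason)
```

The provisioned host shows up only as "info" findings, while the host that was supposed to be off is flagged both for an inbound AMT session and for its own DHCP broadcast.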
Re: (Score:2)
More info here: http://www.zdnet.com/article/researchers-say-intels-management-engine-feature-can-be-switched-off/ [zdnet.com]
And here: https://github.com/corna/me_cleaner [github.com]
Re:Three questions (Score:5, Insightful)
What should Intel be fixing? MINIX is licensed under the Berkeley license, and apparently they are in compliance. If there is a known security vulnerability, it was not part of the reporting, so far. Perhaps we need to trust Intel that they have secured this adequately, and I know it is common practice to declare all security to be 'vulnerable', and that is assumed to be a best practice, but to enlarge that attitude and declare all such features as unacceptable due to undisclosed or, more correctly, unknown security breaches is naive.
Intel and others have delivered systems with these 'power off' or out of band management systems for decades. The risks are well understood by those who need to deal with them. Crying the sky is falling dilutes the real arguments, for instance the necessity of these features in consumer grade products, deployment via OS vendors such as Microsoft of widespread out of band management without explicit knowledge by consumers, and lack of useful management tools for SMB users who are not entirely aware of the risks.
Tanenbaum's root complaint seems to be he got little or no credit. Fair enough.
And if you don't understand how attractive an out of band management is, you don't need to. That doesn't make it less useful, just makes you unaware, and be glad you are. All that nasty stuff needed to make large organizations function is worthy of scrutiny, but best left to professionals, despite your closely held distrust of authority.
Re: Three questions (Score:2)
Not much of an answer...
Re: (Score:2)
Not just processors; all integrated circuits are black boxes to you, black boxes to the engineers that design circuits with them.
The datasheet doesn't actually document the wiring, it documents the interface, and the hardware diagrams are equivalent circuits from the perspective of the published API. Sorry.
This is a feature, not a bug, so there will be no recall. Note that this only exists if you have the AMT installed; that's the fancy part you have to pay extra for! Companies that want and have a use for
Re:Three questions (Score:5, Funny)
Can you play Quake on the Management Engine, and if so, at what frame rate?
Re: Three questions (Score:5, Funny)
And after that, research Sony PSP.
Re: (Score:2)
yes [wikipedia.org]
Re: (Score:3)
Generally no, arm chips on motherboards (Score:2)
Generally no, ARM chips don't have remote management built in. If you have an ARM server, you'd do it the "old-fashioned" way, with the remote management processor being on the motherboard. The remote management processor on a motherboard for older Intel or AMD CPUs may itself be an ARM CPU in many instances.
Re: (Score:3)
No mention of AMD? (Score:4, Interesting)
Do AMD processors have any counterpart of this nonsense?
Re: No mention of AMD? (Score:2, Informative)
AMD PSP
Re: (Score:2)
Then the logical next question is "Why do they?"
Re: (Score:3)
Who in their right mind devalues their product just because the competitor was stupid enough to do it? That makes zero sense.
Re: (Score:2)
Uh, all of them?
It's very useful for those of us who turn it on (Score:2)
It's extremely useful, to those of us who turn it on, because it replaces a $1,000 IP KVM. I don't care to drive an hour and a half to the datacenter and an hour and a half back because somebody typoed a firewall or network setting. Much easier to just fix it remotely using IPMI or IME or whatever your vendor calls it this week.
If you don't need remote access to a crashed machine, don't turn it on.
Re: (Score:2)
Re: (Score:3)
Yes, and they also built their chips into a Playstation [wikipedia.org]
Re: (Score:3)
No "Yo Dawg?"
AC, I am disappoint.
Re: No mention of AMD? (Score:2)
Re: (Score:2)
If this problem continues to grow, it will make sense to 'segment' my computer technology. Keep the high-horsepower processors securely firewalled, and put older, more secure hardware out 'on the perimeter' to do communications.
Incidentally, I currently have my Intel machines behind firewalls that run older AMD CPUs, i.e. no AMD equivalents of the hidden processors there. So I should be safe, right?
Re:No mention of AMD? (Score:5, Informative)
Yes, it does [reddit.com]. It's called "AMD Secure Processor" nowadays, but it's better known as PSP (as in "Platform Security Processor", its original name).
Re: (Score:2)
In some ways AMD's system is worse. Less is known about it, and we don't have any ways to sabotage and disable it.
At least with Intel we know how to delete all non-essential parts of the firmware and then set the master disable flag that the NSA asked for.
Re: (Score:2)
AMD is definitely going to have to pay somebody to hack them and tell the world they're also running *NIX on the security co-processor. BOFHs everywhere want to know!
Re: (Score:2)
Overblown -- oh and AMD isn't any better (Score:3, Informative)
This stuff is overblown since these management engines are only ever active in a limited set of corporate environments where out-of-band management is a huge plus that actually improves security by not requiring your IT drone to physically access every system even if it's turned off.
Oh, and don't think your magical AMD saviours are any better. There's a TrustZone processor that you have zero control over embedded in their products that does the exact same bad stuff.
Re: (Score:2)
these management engines are only ever active in a limited set of corporate environments where out-of-band management is a huge plus that actually improves security by not requiring your IT drone to physically access every system even if it's turned off.
I think you mean that they only have a use to the consumer in a limited set of corporate environments. IME is active on all their chips.
Re: (Score:3, Informative)
The ME is actually active all the time. Basically the modern Intel architecture just doesn't live without ME managing things. It may not be network enabled or remote accessed depending on the configuration, but it's pretty much always there now, and always active.
Even the vendors don't really know what all it may be doing, just that they have to interact with it to provide certain features or interrogate it to explain why the system decided to go haywire.
Re: (Score:2)
But they are active even if you are not using it. They sit listening on the first Ethernet port and will even grab a DHCP address. Given the access they have, and the inability to turn them off, if they can get exploited there is nothing you can do.
Moving your connection to another NIC can stop it from communicating, but it is still active and waiting.
Re: (Score:2, Interesting)
You might want to check your facts here; the networking capabilities you're referring to on Intel chipsets are only in the corporate configurations. The consumer-based version of the ME does not have a networking stack, so there is nothing to remotely control on these configurations.
You don't know that. Nobody but a limited subset within Intel knows if that's actually true or not.
It's a giant freaking security hole with largely unknown properties, therefore nearly impossible for end users to reliably mitigate. Nobody concerned at all with information security should ever run US-made CPUs or commercial operating systems (win/mac). US TLAs have poisoned the well with American hardware and commercial OSes.
Strat
Re: (Score:3)
And it's active all the time.
Re: (Score:2)
Case where security is better due to vPro: a company I used to work for was buying vPro-enabled desktops so that we could provision them and install them in the 2000+ locations they have across the US, so that when Windows shits the bed and needs to be reimaged, a support guy from the call center can take care of it remotely instead of calling out a 2-hour minimum service tech for $LOTS per hour to reimage it.
The math showed that in one year, the average amount of reimaging happening in locations that didn'
Re: (Score:3, Informative)
I am not sure why you are modded -1. This is exactly why I am actively buying vPro-enabled computers at work despite all these "doomsday" articles about backdoor access to your computer through the chipset. I do not have the time to run between different office locations to fix people's issues when I can easily deal with it remotely. The OOB is a plus over any other remote-help software that requires Windows to be running before I can connect to it.
However, I would prefer to visit the manufacturer's website to download and install the additional ME firmware in order to activate the feature, rather than having this pre-embedded on every chipset. Those that ended up in home products do not need this.
I worked on a project to evaluate vPro and ME for laptops to be used in a very geographically dispersed and isolated environment where they would have Internet access but getting tech support to them would be a nightmare. It was very hard to get these technologies configured properly, and two otherwise identical laptops, same make and model and, apparently, same EVERYTHING, would behave differently with vPro/ME. I found it quirky and unreliable, sadly. It's a great technology for that kind of environment.
Re: (Score:2, Informative)
And by the way, ME has been broken, full disclosure announced here:
https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
Re:Overblown -- oh and AMD isn't any better (Score:5, Interesting)
And by the way, ME has been broken, full disclosure announced here:
https://www.blackhat.com/eu-17... [blackhat.com]
An exploit to access turned-off computers, presentation due in a month. Sweeeeet...
Re: (Score:2)
That's probably the fault of the OEM - I worked with Lenovo on this, and if they didn't configure the internal hardware and firmware load exactly the way it should be, it would be missing features, etc. Off-the-shelf models rarely would have the full vPro feature set we were looking for, so we needed to do custom builds. Then it worked great.
Re:Overblown -- oh and AMD isn't any better (Score:5, Insightful)
They were modded -1 because they're dead fucking wrong. The IME runs AT ALL TIMES IF PRESENT.
Re: (Score:3)
You are so wrong that people already hacked the IME and proved you wrong long ago.
https://www.wired.com/2017/05/... [wired.com]
The entire system has to run, every part is dependent upon the other in a chain of trust.
"Many parts of it have to be expressly enabled in the BIOS."
Actually, no, and the most recent news revealed was that there was an accessible NSA-specific command HARDCODED INTO THE IME.
But please, by all means keep covering up when almost all of us know better. That's the sure sign of a shill.
Re: (Score:2)
Oh, and that machine SHOULD NOT BE DEAD, yet because the tiny ME is dead (despite every system from long ago running fine without one) you're hosed.
You must be new in IT to not see why these things are inherently stupid. Try again when you've got 25+ years of experience in it.
Re: (Score:2)
Re: (Score:2)
"I do not have the time..."
"Lazy people"
The latter was written by someone who apparently has not done real-world dispersed support for a living. Windshield time is real in the known relativistic universe. Denying it only leaves you with users unable to work, and bosses unable to retain your services.
Re: (Score:3)
Until that ME processor itself dies. Then you're stuck fucking going there any goddamned ways to replace an entirely dead machine.
Actually that doesn't need to be the case.
For a single location it probably should be the case, but for multiple sites spread over the country or more it really is the most efficient option.
Our OEM vendor enables AMT for us and uploads our public provision key into the ME.
They can then ship the desktop to any location we tell them to.
Once it's on the LAN and turned on, the ME contacts our provisioning server and gets all the AMT settings, BIOS settings, and access public keys, and as they are signed by our p
Re: (Score:3)
Set the HAP bit to 1.
You're welcome.
How is this news again? (Score:3)
Re: (Score:3)
The new part is that you make people pay you for putting the computers you manage into their server room, pay for the power to run them and put their software for you to manage on it.
It's kinda like being the admin for a server farm, only that you don't get paid, but in return, neither do you have to pay for anything, you're not responsible for anything you do to the computers and you can do with the software and data on them whatever you please.
Re: (Score:2)
It's kinda like being the admin for a server farm, only that you don't get paid, but in return, neither do you have to pay for anything, you're not responsible for anything you do to the computers and you can do with the software and data on them whatever you please.
Oh, you still pay for it. The fees include hardware, operating costs and administration (done by largely unqualified people, but still administration of sorts). It's just cheaper due to scale.
And you're still responsible - the contracts tend to have clauses that you must not interfere with the hosting or other services. So if you deliberately break the hardware through software (quite doable, alas), don't expect them to blindly replace broken gear forever.
Re: (Score:3)
You buy the hardware I make, I retain the ability to do whatever I please with it and you can't do jack shit about it.
This is basically what Intel is telling you. No, you needn't pay Intel to do it, but then again, neither can you keep them from doing whatever the fuck they want to your hardware, software and data.
Re: (Score:3)
Intel and the TLA's saying it's benign, we should probably just trust them implicitly, it's fine.
Also, unintended consequences never, ever happen.
Re: (Score:2)
Before the cloud, people used to put their own servers in server rooms. That's the interface to manage your machine from outside.
This doesn't prevent a system from coming into your environment already compromised. That, to me is the scary part. Your order could be intercepted and compromised or compromised at the vendor before shipment. And there is no way to scan the subsystem for threats.
The years of the MINIX desktop (Score:5, Insightful)
Tanenbaum: a professor of Computer Science...? (Score:5, Informative)
Kids these days...
Andrew S. Tanenbaum is the original creator of MINIX, not just "a professor" at Vrije Universiteit.
Re: (Score:2, Funny)
So it is all his fault
Re: (Score:2)
Somebody needs to learn a little tech history. The Linux (monolithic kernel) versus Minix (micro kernel) debate is well known.
Re: (Score:2)
Somebody needs to learn a little tech history. The Linux (monolithic kernel) versus Minix (micro kernel) debate is well known.
Apparently you don't hear that whooshing sound over your head.
Re: (Score:2)
I'll just leave this here.
That's okay (Score:2)
We can always use a Raspberry Pi, right?
Re: (Score:2)
Isn't this like a BIOS? (Score:2)
that's been around for decades? except they add more stuff to it and now it runs in a separate processor?
Re: (Score:2)
That's like saying the computer in a Tesla Model S is like the engine in a Ford Model T.
Re: (Score:3)
No it's not. It's literally like having a full second computer running in parallel to your main computer, except that it is always running as long as there is power to your machine, and you can't shut it off, and it can take over your main machine.
It's a great feature for corporate environments where the remote access helps IT do their job. For everyone else, it's a f__king stupid idea because the average person has no idea what it does or why it's there, or even that it IS there, which paints a great big
Re:Isn't this like a BIOS? (Score:5, Insightful)
Do you know of a BIOS that runs when the computer is off?
This is beyond "when I get the magic packet IRQ from the Ethernet controller I will wake up" into "there's a full, general purpose OS running on every processor, talking to the network, interpreting traffic, able to intercept every memory access, and which we have no way to probe, investigate, debug or understand and which may well be auto-updating from the Internet on a regular basis without our consent".
Question: How do you generate a secure private key on a computer with this in? Literally, you can't.
With BIOS, the scope was so limited that it couldn't be used for such things, and was just "the code that the computer started at" (literally, a soft-reboot is "jump to address 0, the first line of the BIOS").
This is a full set of processors listening to everything your other processes do all the time no matter what OS you run or security you apply. And nobody knew what it was doing. And the governments have been removing it from their purchases for years by making Intel make chips without it.
If THAT ONLY wasn't reason enough to worry about what it could be doing, you clearly haven't understood what it could be doing.
Literally, this is a full-above-root compromise of every machine on the planet under Intel's sole control. Everything from microphones to connected devices to nearby wireless etc. could be turned against the user.
Doing that with "just a BIOS" was much harder, much more obvious (i.e. you could generally disassemble the firmware and/or inspect it step-by-step as it was running) and much less damaging.
Intel has a full computer in every chip on almost every motherboard on the planet. And nobody knows or understands why (because computers work just fine without such a feature, always used to, and still do when you disable such things by forceful means), nobody was really told about it, and it's taken years to discover even what architecture/OS it's running on, let alone what it's doing.
One virus exploiting one flaw in this and anyone can gain control of the planet over the Internet with NO WAY to clean it off or even detect it.
Re:Isn't this like a BIOS? (Score:5, Interesting)
This is a full set of processors listening to everything your other processes do all the time no matter what OS you run or security you apply. And nobody knew what it was doing. And the governments have been removing it from their purchases for years by making Intel make chips without it.
This. Right here. The fact that governments have demanded hardware without it is reason enough NOT to trust that it is 'safe'.
Re:Isn't this like a BIOS? (Score:4)
Do you know of a BIOS that runs when the computer is off?
Sure: All HP servers, all Dell servers, all IBM servers.
HP calls it "iLO" or "Integrated Lights-Out".
IBM calls it the "RSA" or "Remote Supervisor Adapter".
Dell calls it the "iDRAC" or "Integrated Dell Remote Access".
The hardware has been pretty standard for some time now. Although HP used to require purchasing a software license key per-server to be allowed to use it.
Intel ME/AMT is the same thing but available in desktop-grade computers, any Core i chip with vPro.
Re: (Score:3)
Do you know of a BIOS that runs when the computer is off?
Was this an attempt at a joke? The answer to this question is: All of them since the days of ATX and if you were a corporate customer it predates this too.
all i have to say is (Score:2)
Re: (Score:2)
Hackers detivoize the Minix install and every PC commences mining cryptocurrency on behalf of our 'enemy' and the 3 letter agencies are unable to crack their way in since a firmware update retivoizes the machine locking the backdoors.
Re: (Score:3)
Re: (Score:2)
This is a little bit awesome, though. (Score:5, Interesting)
Re: (Score:2)
I've been waiting for someone to port Linux interfaces for SystemD (previously udev, kevents, and HAL) to Minix for a while, which would make it capable of replacing the Linux kernel.
Beyond that, you'd need to port in the file system and hardware drivers. Since they're separate services, you can make GPL versions out-of-tree and just load them into Minix. In-tree versions of adapted netbsd, freebsd, or dragonflybsd drivers are allowable.
Re: (Score:3)
I've been waiting for someone to port Linux interfaces for SystemD (previously udev, kevents, and HAL) to Minix for a while, which would make it capable of replacing the Linux kernel.
While I see what you are getting at and it's a laudable goal, I don't see anyone wanting to dig into systemd to do it. It's like dissecting a skunk. You might learn something, and even do something to help, but it won't be pleasant.
Re: (Score:3)
SystemD uses well-understood Linux kernel facilities such as the facility that sends notifications to an application when new hardware is plugged in, rather than having stuff constantly poll the USB/PCI bus and then run mknod scripts in /dev.
You may as well say nobody probably wants to dig into glibc to figure out how loading ELF executables works.
Re: (Score:2)
So it's a backdoor/// (Score:3, Interesting)
Re:So it's a backdoor/// (Score:5, Insightful)
Let's call this what it is: A variation of the "clipper chip" like the government tried to do years ago, except this is more powerful and way worse.
That's a mischaracterization so egregious it could be called a lie.
The ME (and AMD's analogous PSP) have nothing to do with government, and nothing to do with cryptography (though they make heavy use of it). Clipper was about enforcing a standardized encryption mechanism with a built-in backdoor specifically for law enforcement. Completely different thing.
ME and PSP are remote system management tools. Their purpose is to enable enterprises to remotely administer systems, including not only being able to remotely install a new operating system, but to strongly verify the installation from the running OS. The reason it's in all systems, not just systems targeted at enterprise use, is that it's more economical to have a single solution
That said... you are absolutely correct that these tools *could* be used by malicious parties, whether for corporate espionage, government intrusion or anything else, and they are incredibly powerful, and not understood nearly well enough outside of the teams at Intel and AMD who build them. I know some of the people at Intel who work on this stuff and I'm pretty confident that they're doing good work, and doing the right things... but the lack of transparency makes me really nervous.
Remote management tools make sense, but it should be possible for end users to disable them, or to take ownership of them and use them for their own ends. The details of exactly how they work, including their source code, should be published. Indeed, I think government should mandate the publication of low-level system management tools and firmware. We need a lot more academic research into the security and operation of these systems.
Re:So it's a backdoor/// (Score:4, Insightful)
Re: (Score:2)
Re: (Score:3)
Re: (Score:3)
What makes you so sure this isn't a government-friendly end-run around the failure of the Clipper chip program?
All we're presently missing is a handful of Snowden codenames for the many ways this advantages the NSA in the
Re: (Score:2)
No, it has nothing to do with the "Clipper Chip" (Score:2)
Minix, that's terrible (Score:4, Funny)
Minix like (Score:2)
It's important news, even if a little old (Score:3)
https://www.eteknix.com/expert... [eteknix.com]
Re: (Score:3)
https://www.techrepublic.com/a... [techrepublic.com]
Someone Knows How (Score:2)
"running on three separate x86 cores on modern chips. There, it's running: TCP/IP networking stacks (4 and 6), file systems, drivers (disk, net, USB, mouse), web servers. MINIX also has access to your passwords."
Three separate cores? (Score:2)
TFA claims the latest version runs on three separate x86 cores. Are these three in addition to the stated number of cores on the chip, or is it running on three cores that I paid for, and interfering with my use?
wow the FUD is strong in that one (Score:5, Informative)
We have a couple facts here, and a whole bunch of conclusions.
The facts are that there is a general purpose OS running a microkernel in a management layer on unspecified Intel CPUs. This general purpose OS provides at least network accessible management interfaces.
The conclusions are that this general purpose OS is infinitely exploitable to steal all your top secret information and redirect all your web requests to the mind control platform of the month.
This Minnich character (I enjoyed that similarity, Minnich/Minix) then jumps to a call to neuter everything below the user installed OS including UEFI. He then juts off on a side tangent and says trust me (He is a Google engineer) to always install good safe firmware on your Chromebook. That was a nice subtle bit of astroturfing there. He also blames Minix for slow boot time on an Open Compute server, not sure where minix plays into that or what axe he is grinding.
Let's look at it a little more objectively. Why do these processor companies keep putting general purpose OSs at a level which was traditionally all hardware/firmware, and why do systems makers use an accessible programming layer to configure hardware like UEFI? Well, when we were running 386s and 486s we really were running microprocessors. Hardware was relatively static, device support was locked at time of manufacture, processors did processing (with maybe a coprocessor for math) and accessory cards did a single function each. In that time frame supers, like the first Crays, couldn't even boot themselves. They used a completely separate computer to boot and for time scheduling and such. Now today, we have computers which are powerful on the level of the early supers. Our processing no longer all happens on the CPU, but also in the GPU(s) and other pieces in the system. We no longer have external memory and bus controllers; they are built into the processor or the mandatory northbridge, and are much more capable and adaptive. There are hosts of sensors built into modern processors. All of these pieces need to be managed. There is an absolute necessity for a relatively capable computer in there to manage all these pieces.
It used to be done with static logic arrays, controlled by registers, and we called it BIOS, and it had a little interface that could usurp the monitor output and keyboard and chirp the speaker; later it got so fancy it could hijack a mouse on some systems. It was very limited; in fact, on the earliest PCs it didn't have a UI at all, it had DIP switches or jumpers on the system board.
Now with the advent of negotiated buses (even memory buses, back in the day I never would have conceived of a CPU being able to ask a memory module what capabilities it possessed and automatically configure timing parameters to best talk to it) the management processor has a lot to do. On high end machines they even do this negotiation on the fly with the advent of hot plug PCI buses and on the fly memory error compensation. By the nature of the beast this management engine has to be able to see all the data buses, otherwise every single connection interface would need an out of band management channel.
I suppose you could make this management engine like an FPGA, configure it once and burn your bridges, no further interaction possible, but then what happens when you need to add or change something?
Likewise it often doesn't need a network interface, but if it doesn't have one then we have to do wake-on-LAN with yet another baby management computer. How about physical intrusion detection? Again, not often needed, but sometimes...
Basically what a general purpose OS in the management layer does is give nearly infinite flexibility. This technology is a big part of the reason so much of our stuff just works.
Now, I am not really a drink-the-Kool-Aid-from-the-benevolent-overlords kind of guy, I am not at all in favor of secret OSs underpinning our hardware without our knowledge, but let's not throw out the baby too. That capability is in most cases useful
Finally! (Score:2)
2017 is the year of MINIX on the desktop! All of the desktops...
How to exploit the Intel Management Engine (Score:4, Informative)
Re:BSD uber alles! (Score:4, Insightful)
Yep, score one for corporate control.
Hear that, Tanenbaum? That's the sound of Intel screwing you with your own code.
Re: (Score:2)
Re: (Score:2)
That's what I'd like to know too.
Re: (Score:2)
Give me a break. MINIX provides nothing that enables this.
If the ME can image the drive remotely it can certainly change /etc/ssh/sshd_config and /root/.ssh/authorized_keys with a small driver (ext2, etc.). GRUB is way tinier and can handle basic ext2 stuff.
It doesn't matter if the ME is only listening to the LAN. Give a decent blackhat a week and you'll have a package that deploys to an ad network which exploits the browser, then exploits the router, then exploits the ME and opens a remote C&C channe